[quagga-users 13020] Re: BGP Md5 Authentication

sthaug at nethelp.no sthaug at nethelp.no
Sun Oct 28 08:05:51 GMT 2012


> After reading many things online about Quagga and support for BGP and Md5, I'm still confused as to if Quagga supports this function?

Yes. But it depends on operating system support, as you correctly note.

> I am told that it's on the operating system layer the support needs to exist. If I plan to use a FreeBSD box, has anyone got any advice as to how to implement this?

I'm running Quagga with BGP MD5 support on several 8.3-STABLE boxes
here.  And have been running it (with earlier FreeBSD versions) for
years.

Your Quagga config is very straightforward if you know Cisco:

router bgp 2116
 neighbor a.b.c.d remote-as 2116
 neighbor a.b.c.d password xxxxxxxxx

For the kernel you need:

options         TCP_SIGNATURE
options         IPSEC
device          crypto
device          cryptodev

/etc/rc.conf must have

ipsec_enable="YES"

and /etc/ipsec.conf must have a line corresponding to the BGP MD5
session:

add p.q.r.s a.b.c.d tcp 0x1000 -A tcp-md5 "xxxxxxxxx"

where p.q.r.s is my IP address, a.b.c.d is the neighbor IP address
and xxxxxxxxx is the BGP MD5 key.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no


More information about the Quagga-users mailing list