network-freak

BGP Prefix Limit Maximum Prefix-limit is used to control the BGP peer not to overload your BGP routing table and it helps to avoid the situation. let's explore how to configure in Cisco, Juniper, and Nokia router Cisco Configuration  ! router bgp 300  neighbor 192.168.1.1   address-family ipv4 unicast    maximum-prefix <max-limit> <percentage> <Actions>   !  ! Juniper  Configuration edit protocol bgp {         group nokia {             neighbor 192.168.0.1 {                 family inet {                     unicast {                         prefix-limit {                             maximum 1000;                    ...

TCP-AO is a new authentication method proposed through RFC5925, The TCP Authentication Option to enhance the security and authenticity of TCP segments exchanged during BGP.  It supports both IPv4 and IPv6 traffic Benefits of TCP-AO Support multiple stronger algorithms, such as HMAC-SHA1 and AES-128 to create an internal traffic key and message digest. Add a new user-configured key to re-generate internal traffic keys for an established connection and a mechanism to synchronize key change between BGP peers Nokia Configuration /configure system security  keychain "aes-128-cmac-96-keychain"                 tcp-option-number                     send tcp-ao                     receive tcp-ao                 exit                 direction         ...

 In this blog, I will explain the benefits of the MD5 concept and how to configure it on Cisco, Juniper, and Nokia Router TCP-MD5 MD5 is used to protect the BGP session between the peers to form the secured session over the public Network.  TCP MD5 option supports only one key for a connection. Further, it only supports the MD5 algorithm. The MD5 algorithm takes the “secret” from the key and the TCP segment for encryption and generates a message digest. This message digest is then copied to the MD5 digest field in the TCP segment and is sent to the receiving device. Cisco XR router bgp 300  neighbor 192.168.1.1   password encrypted 011D03104C0414042D4D4C Juniper edit protocols {                                  bgp {         group nokia {                neighbor 192.168.0.1 {           ...

Hi Everyone, In the blog, I am going to explain how TTL security is useful in BGP Session protection. Time to Live will be added to every packet and it will be reduced at each hop it transfers. Consider someone who wants to hack your BGP session and will send the spoofed  BGP packets and try to negotiate with your BGP session. to avoid this kind of spoofing we use TTL Security TTL security is a mechanism that evaluates the TTL value of incoming IP packets to ensure that they have not been faked. The IP TTL value will be set to 255 by directly connected BGP peers, making it impossible to relay spoof Internet protocol with TTL=255 through non directly connected interfaces. Cisco XR router bgp 100  neighbor-group ebgp   ttl-security  ! neighbor 192.168.1.1   remote-as 100   use neighbor-group ebgp   address-family ipv4 unicast   !  ! Juniper  protocols {                        ...