Home BGP Knowledge Base How to configure secure BGP?

This is the one of famous question my customers asking all the time. How to configure secure BGP? There are few ways to make robust BGP session. Keep it in your mind, ISP doesn't provide all below commands (Don't wasting time). They would configure MD5 hash for your link. 

1. Using MD5 password

MD5 setting is common and easy to implement.

Cisco_Router(config-router)#neighbor x.x.x.x password c1sc0

 

 

2. Limiting Maximum-prefix

By limiting maximum-prefix, you can save memory and avoid bogus routes. However, this command leads BGP session bouncing, once you received exceed amount routes (From below example, if you received more than 1000 prefixes, BGP session will be bounced)

Cisco_Router(config-router)#neighbor x.x.x.x maximum-prefix 1000

 

3. Removing update from Private AS

This will remove update from Private AS.

Cisco_Router(config-router)#neighbor x.x.x.x remove-private-as

 

4. Limiting TTL 

It is only allow communicate to neighbor in next hop.

Cisco_Router(config-router)#neighbor x.x.x.x ttl-security hop 1

 

5.Limiting maximum lenght of the as path

 

Cisco_Router(config-router)#neighbor x.x.x.x bgp maxas-limit 30

 

I hope this is informative for you.

 

Last Updated (Monday, 21 September 2009 21:51)

 
Google Translation
English Arabic Chinese (Simplified) Czech Dutch French German Italian Korean Portuguese Russian Spanish Filipino Vietnamese Thai Turkish
Statistics
Content View Hits : 552009
Polls
Who is the best ISP?