BGP使用MD5安全实验

ouyangxibao

简单说明

tcp套接字支持md5选项,通过设置套接字的md5选项,在该套接字上发送报文时会添加md5摘要选项内容。接收端在收到报文后,对md5值进行校验。如果不能通过校验,则拒绝接收,这些都是在tcp层负责处理,有一定的性能损耗。

实验topo

image-20200113200617786

实验说明:设置RTA和RTB彼此为邻居,使用neighbor xxx password xxx命令为两者设置密钥,当密钥相同时,可以成功建立邻居关系,反之不能成功建立邻居。

实验配置

RTA

Building configuration...

Current configuration:
!
frr version 7.1
frr defaults traditional
hostname 486cd3e0f81f
log syslog informational
no ipv6 forwarding
hostname RTA
service integrated-vtysh-config
!
router bgp 65001
 neighbor 10.1.1.2 remote-as external
!
line vty
!
end
RTA#

RTB

Building configuration...

Current configuration:
!
frr version 7.1
frr defaults traditional
hostname a86b8fff04c7
log syslog informational
no ipv6 forwarding
hostname RTB
service integrated-vtysh-config
!
router bgp 65002
 neighbor 10.1.1.1 remote-as external
!
line vty
!
end
RTB#

查看邻居

RTA# show bgp neighbors 10.1.1.2 
BGP neighbor is 10.1.1.2, remote AS 65002, local AS 65001, external link
Hostname: a86b8fff04c7
  BGP version 4, remote router ID 172.17.0.3, local router ID 172.17.0.2
  BGP state = Established, up for 00:02:33

可以看到邻居已经正常建立。

给RTA配置密钥

RTA(config-router)# neighbor 10.1.1.2 password test
RTA(config-router)# 
#查看邻居

RTA# show bgp neighbors 10.1.1.2 
BGP neighbor is 10.1.1.2, remote AS 65002, local AS 65001, external link
Hostname: a86b8fff04c7
  BGP version 4, remote router ID 0.0.0.0, local router ID 172.17.0.2
  BGP state = Connect
  Last read 00:00:53, Last write 00:00:53
  Hold time is 180, keepalive interval is 60 seconds
  
#从上面可以看出,邻居处于connect状态了,邻居被断开了。

给RTB也配置相同的秘钥

RTB(config-router)# neighbor 10.1.1.1 password test
RTB(config-router)# 
# 查看邻居
RTB# show bgp neighbors 
BGP neighbor is 10.1.1.1, remote AS 65001, local AS 65002, external link
Hostname: 486cd3e0f81f
  BGP version 4, remote router ID 172.17.0.2, local router ID 172.17.0.3
  BGP state = Established, up for 00:00:02
  Last read 00:00:01, Last write 00:00:01
  Hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:

将RTB的秘钥配置成与RTA不同

RTB(config-router)# neighbor 10.1.1.1 password test1
RTB(config-router)# 
# 查看邻居
RTB# show bgp neighbors 
BGP neighbor is 10.1.1.1, remote AS 65001, local AS 65002, external link
Hostname: 486cd3e0f81f
  BGP version 4, remote router ID 0.0.0.0, local router ID 172.17.0.3
  BGP state = Connect
  Last read 00:00:25, Last write 00:00:25
  Hold time is 180, keepalive interval is 60 seconds
  Message statistics:

分类:

技术点:

相关文章:

  • 2021-09-21
  • 2021-10-11
  • 2021-09-04
  • 2021-09-21
  • 2021-10-26
  • 2021-09-21
  • 2021-09-21
猜你喜欢
  • 2021-10-11
  • 2021-09-21
  • 2021-09-21
  • 2021-09-21
  • 2021-09-21
  • 2021-09-21
  • 2021-09-21
相关资源
相似解决方案
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode