In this video we will explore the different BGP authentication methods, concentrating on the authentication provided by the transport layer (TCP) using MD5 and its implications.


Video Description

Basic authentication isn't provided by BGP; it's handled by TCP.

Session protection via TCP using MD5 (RFC 2385) was developed for use with BGP, but it can be used in any other scenario.

It protects the protocol against spoofing and direct TCP attacks (resets).
An MD5 hash is generated using the password that both sides know, along with TCP segment data, IP addresses, etc.

The receiving device does the same calculation (using its locally configured password), and if the resulting hash matches the incoming one, the message is deemed valid.
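
The calculation described above, written out as an added example (not taken from the video or its author). It follows the input order RFC 2385 specifies: pseudo-header, fixed TCP header with the checksum zeroed, segment data, then the password. The addresses, ports, password and the helper names `build_header` and `demo` are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6  # IP protocol number for TCP


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password):
    """RFC 2385 digest: MD5 over pseudo-header, fixed TCP header
    (checksum zeroed, options excluded), segment data, then the key."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    # Pseudo-header segment length covers the whole header (with options) plus data.
    seg_len = len(tcp_header) + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    # Only the first 20 bytes are hashed; bytes 16-17 (checksum) count as zero.
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + fixed + payload + password).digest()


def verify_segment(src_ip, dst_ip, tcp_header, payload, received_digest, password):
    """Receiver side: recompute with the locally configured password and compare."""
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password)
    return hmac.compare_digest(expected, received_digest)


def build_header(sport, dport, seq, ack, flags):
    """Constructed 20-byte TCP header without options (data offset 5)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)


def demo():
    password = b"constructed-shared-secret"  # constructed sample key
    src, dst = "192.0.2.1", "192.0.2.2"  # constructed documentation addresses
    keepalive = b"\xff" * 16 + b"\x00\x13\x04"  # BGP KEEPALIVE: marker, length 19, type 4
    hdr = build_header(179, 50000, 1000, 2000, 0x18)  # PSH+ACK
    digest = tcp_md5_digest(src, dst, hdr, keepalive, password)
    genuine = verify_segment(src, dst, hdr, keepalive, digest, password)
    # A reset built without the shared password cannot carry a matching digest.
    rst = build_header(179, 50000, 1000, 0, 0x04)
    forged = tcp_md5_digest(src, dst, rst, b"", b"guess")
    spoofed = verify_segment(src, dst, rst, b"", forged, password)
    return genuine, spoofed


if __name__ == "__main__":
    print(demo())
```

On the wire the 16-byte digest travels in TCP option kind 19; because options are excluded from the hashed header, inserting the digest does not change the value being verified.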

For BGP, there are also other built-in methods of authentication. These are typically more flexible and operate above the BGP messages, using a marker, capabilities, different hashing algorithms, an authentication code, authentication data, etc.


