Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
679
Views
2
Helpful
1
Replies

Question on BGP Authentication - TCP AO

bateman7
Level 1
Level 1

‎12-21-2023 09:45 PM

Hi All,
I am thinking about using TCP key chains for authenticating BGP VPNv4 sessions and will be using peer-groups to connect to clients from RR. A sample key as below. I have used this in direct IPv4 session but I read somewhere that the send-id and recv-id in the key should be unique for different BGP peers, but I am unable to verify this though. No mention on the Cisco doc.
Just wanted to clarify, should the send-id and recv-id be unique for clients which are part of the peer-group? Esp in a RR to Clients scenario. Working on labbing to confirm this, but wanted to check if anyone is aware.

 

https://19216801.onl/ https://routerlogin.uno/
Labels:
1 Reply 1

M02@rt37
VIP
VIP

‎12-21-2023 11:29 PM

Hello @bateman7 

As I know, the combination of send-id and recv-id acts as a unique identifier for the key associated with a particular BGP session. When using peer-groups in BGP with TCP-AO, each BGP peer within the group should have a distinct set of send-id and recv-id to ensure proper authentication. In a RR scenario, each client should use a unique combination of send-id and recv-id.

It's a wise approach to lab and confirm the behavior.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful
Customers Also Viewed These Support Documents