Question on BGP Authentication - TCP AO

bateman7
Level 1

Hi All,
I am thinking about using TCP key chains for authenticating BGP VPNv4 sessions and will be using peer-groups to connect to clients from the RR. A sample key as below. I have used this in a direct IPv4 session, but I read somewhere that the send-id and recv-id in the key should be unique for different BGP peers. I am unable to verify this, though; there is no mention of it in the Cisco doc.
Just wanted to clarify: should the send-id and recv-id be unique for clients which are part of the peer-group, especially in an RR-to-clients scenario? I am working on labbing this to confirm, but wanted to check if anyone is aware.


M02@rt37
VIP

Hello @bateman7 

As far as I know, the combination of send-id and recv-id acts as a unique identifier for the key associated with a particular BGP session. When using peer-groups in BGP with TCP-AO, each BGP peer within the group should have a distinct set of send-id and recv-id to ensure proper authentication. In an RR scenario, each client should use a unique combination of send-id and recv-id.

It's a wise approach to lab and confirm the behavior.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
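
Added example, not part of the thread and not Cisco code: a small Python model of the RFC 5925 rule that the IDs of Master Key Tuples (MKTs) must not overlap where their TCP connection identifiers overlap, together with the receive-side key lookup. The `MKT` class, the sample addresses, and reducing the connection identifier to a remote prefix are assumptions made for illustration; the code models the RFC text only, not IOS XE behaviour, which still has to be confirmed in the lab.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class MKT:
    """Master Key Tuple fields that matter for ID scoping (RFC 5925, section 3.1)."""
    name: str
    peers: str     # remote prefix the MKT applies to (simplified connection identifier)
    send_id: int   # KeyID written into outgoing segments
    recv_id: int   # KeyID expected in incoming segments

def conflicts(mkts):
    """Name pairs of MKTs whose IDs collide where their connection identifiers overlap."""
    bad = []
    for i, a in enumerate(mkts):
        for b in mkts[i + 1:]:
            same_conn = ip_network(a.peers).overlaps(ip_network(b.peers))
            same_id = a.send_id == b.send_id or a.recv_id == b.recv_id
            if same_conn and same_id:
                bad.append((a.name, b.name))
    return bad

def select_inbound(mkts, src_ip, key_id):
    """Receive side: match the connection first, then the segment's KeyID against recv_id."""
    hits = [m for m in mkts
            if ip_address(src_ip) in ip_network(m.peers) and m.recv_id == key_id]
    return hits[0].name if len(hits) == 1 else None

# Constructed sample data: two route-reflector clients and one key rollover.
SAME_IDS_TWO_CLIENTS = [
    MKT("client-a", "10.0.0.11/32", 1, 1),
    MKT("client-b", "10.0.0.12/32", 1, 1),
]
ROLLOVER_OK = [
    MKT("a-old", "10.0.0.11/32", 1, 1),
    MKT("a-new", "10.0.0.11/32", 2, 2),
]
ROLLOVER_CLASH = [
    MKT("a-old", "10.0.0.11/32", 1, 1),
    MKT("a-dup", "10.0.0.11/32", 1, 2),
]

if __name__ == "__main__":
    for label, table in [("same ids, two clients", SAME_IDS_TWO_CLIENTS),
                         ("rollover, distinct ids", ROLLOVER_OK),
                         ("rollover, reused send-id", ROLLOVER_CLASH)]:
        print(f"{label}: conflicts={conflicts(table)}")
```
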