Nokia IPSO 4.0 Cell Phone User Manual


 
9
412 Nokia Network Voyager for IPSO 4.0 Reference Guide
The TCP MD5 option allows BGP to protect itself against the introduction of spoofed TCP
segments into the connection stream. To spoof a connection using MD5 signed sessions, the
attacker not only has to guess TCP sequence numbers, but also the password included in the
MD5 digest.
Note
TCP MD5 authentication is not available for BGP session over IPv6.
BGP Support for Virtual IP for VRRP
The Nokia IPSO implementation of BGP supports advertising the virtual IP address of the
VRRP virtual router. You can force a route to use the virtual IP address as the local endpoint for
TCP connections for a specified internal or external peer autonomous system. You must also
configure a local address for that autonomous system for the VRRP virtual IP option to function.
Only the VRRP master establishes BGP sessions. For more information on VRRP, see “VRRP
Overview” on page 183.
Note
You must use monitored-circuit VRRP when configuring virtual IP support for BGP or any
other dynamic routing protocol. Do not use VRRPv2 when configuring virtual IP support for
BGP.
Note
BGP support for advertising the virtual IP address of the VRRP virtual router is only
available for IPv4 BGP sessions, not for IPv6. In a VRRPv2 pair, if you select the Virtual
Address option on the Advanced BGP page, it affect only IPv4 BGP peers. In a VRRPv3
pair, this option is not available for IPv6 BGP peers.
Perform the following procedure to configure an a peer autonomous system, corresponding local
address, and to enable support for virtual IP for VRRP.
1. Click BGPs under Configuration > Routing Configuration in the tree view.
2. Enter a value between 1 and 65535 in the Peer Autonomous System Number edit box.
3. Click the Select the peer group type drop-down list and click either Internal or External.
If the peer autonomous system number is different from the local autonomous system of this
router, click External.
If the peer autonomous system number is the same as that of the local autonomous system of
this router, click Internal. You must also select Internal if the local autonomous system is
part of a confederation. For more information on confederations, see “Confederations” on
page 409.
4. Click Apply.
5. Click the Advanced BGP Options link on the BGP page.