This is one of the most common questions my customers ask: how do I configure secure BGP? There are a few ways to make a BGP session robust. Keep in mind that your ISP will not provide all of the commands below (don't waste your time). They would configure an MD5 hash for your link.
1. Using MD5 password
The MD5 setting is common and easy to implement.
Cisco_Router(config-router)#neighbor x.x.x.x password c1sc0
2. Limiting Maximum-prefix
By limiting maximum-prefix, you can save memory and avoid bogus routes. However, this command causes the BGP session to bounce once you receive more routes than the limit (in the example below, if you receive more than 1000 prefixes, the BGP session will be bounced).
Cisco_Router(config-router)#neighbor x.x.x.x maximum-prefix 1000
3. Removing updates from private AS
This will remove updates from private AS.
Cisco_Router(config-router)#neighbor x.x.x.x remove-private-as
4. Limiting TTL
This only allows communication with a neighbor that is at the next hop.
Cisco_Router(config-router)#neighbor x.x.x.x ttl-security hop 1
5. Limiting maximum length of the AS path
Cisco_Router(config-router)#bgp maxas-limit 30
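To check an existing router against the five steps above, the following added example (not part of the original post) parses a saved running-config and reports which of these commands each BGP neighbor is missing. The function names and the sample config are constructed for illustration; it assumes neighbors are defined by address with a remote-as line (no peer-groups or templates) and treats maxas-limit as a process-wide setting.

```python
import re

# Per-neighbor keywords from steps 1-4 above (step 5 is checked process-wide).
NEIGHBOR_CHECKS = ("password", "maximum-prefix", "remove-private-as", "ttl-security")

def bgp_section(config):
    """Return the stripped lines of the 'router bgp' block (the indented lines after it)."""
    lines, inside = [], False
    for line in config.splitlines():
        if line.startswith("router bgp "):
            inside = True
        elif inside and line[:1] not in (" ", "\t"):
            inside = False  # first non-indented line closes the block
        elif inside:
            lines.append(line.strip())
    return lines

def audit(config):
    """Map each BGP neighbor (and 'global') to the hardening commands it lacks."""
    lines = bgp_section(config)
    seen = {}  # neighbor address -> set of keywords configured for it
    for line in lines:
        m = re.match(r"neighbor (\S+) (\S+)", line)
        if m:
            seen.setdefault(m.group(1), set()).add(m.group(2))
    report = {n: [c for c in NEIGHBOR_CHECKS if c not in kw]
              for n, kw in seen.items() if "remote-as" in kw}
    report["global"] = [] if any("maxas-limit" in l for l in lines) else ["bgp maxas-limit"]
    return {k: v for k, v in report.items() if v}  # keep only entries with gaps

# Constructed sample config; 192.0.2.x are documentation addresses.
SAMPLE = """\
router bgp 64512
 bgp maxas-limit 30
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 password c1sc0
 neighbor 192.0.2.1 maximum-prefix 1000
 neighbor 192.0.2.1 remove-private-as
 neighbor 192.0.2.1 ttl-security hops 1
 neighbor 192.0.2.9 remote-as 64497
 neighbor 192.0.2.9 password c1sc0
!
interface GigabitEthernet0/0
"""

if __name__ == "__main__":
    for who, missing in audit(SAMPLE).items():
        print(f"{who}: missing {', '.join(missing)}")
```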
I hope this is informative for you.