Contrail BGP implementation added support for MD5 authentication
via bug 1383393. This bug tracks the device-manager changes to set
the appropriate configuration via netconf on JUNOS/MX.
MD5 can be configured for a bgp-router in the schema. The auth-data
in BgpRouterParameters has the relevant information. In this case, the
device manager needs to configure the authentication key in the bgp
group stanza for the group(s) representing the control nodes and the
other MXs.
MD5 can also be configured for a bgp-peeering in the schema. The
auth-data in the BgpSessionAttributes has the relevant information.
In this case, the device manager needs to configure authentication
key under the bgp neighbor stanza corresponding to that peer.
Here's a link to the JUNOS configuration for authentication-key:
http://www.juniper.net/documentation/en_US/junos14.2/topics/reference/configuration-statement/authentication-key-edit-protocols-bgp.html
Hi Nischal,
Few comments on AuthData schema type, currently it is defined as as:
<xsd:complexType name='Authentic
<
</xsd:complexType>
this can be seen as:
BgpRouterParam
auth_data {
enum key-type (md5)
}
}
}
Questions:
1. Why do we need to have two(max) key items if "key-chain" is not implemented? I presume, control node implemented only authentication-key but not authentication-
2. XML Schema construct <sequence> is useless in this case since there is only only type of element present under the sequence.