Configure md5 authentication key for bgp group/neighbor
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R2.20 |
Fix Committed
|
Medium
|
Suresh Balineni | |||
Trunk |
Fix Committed
|
Medium
|
Suresh Balineni |
Bug Description
Contrail BGP implementation added support for MD5 authentication
via bug 1383393. This bug tracks the device-manager changes to set
the appropriate configuration via netconf on JUNOS/MX.
MD5 can be configured for a bgp-router in the schema. The auth-data
in BgpRouterParameters has the relevant information. In this case, the
device manager needs to configure the authentication key in the bgp
group stanza for the group(s) representing the control nodes and the
other MXs.
MD5 can also be configured for a bgp-peeering in the schema. The
auth-data in the BgpSessionAttri
In this case, the device manager needs to configure authentication
key under the bgp neighbor stanza corresponding to that peer.
Here's a link to the JUNOS configuration for authentication-key:
Hi Nischal,
Few comments on AuthData schema type, currently it is defined as as:
<xsd:complexType name='Authentic ationData' >
< xsd:element name="key-type" type="Authentic ationKeyType" /> xsd:sequence>
<xsd:element name='key-items' type='Authentic ationKeyItem' maxOccurs='2'/>
< /xsd:sequence>
<
</xsd:complexType>
this can be seen as:
BgpRouterParam eters {
key- items[0. .1] {
int( range 0..63) key_id;
string key;
auth_data {
enum key-type (md5)
}
}
}
Questions: key-chains. Can I always assume that there is only one key present in auth data when it comes to programming MX?
1. Why do we need to have two(max) key items if "key-chain" is not implemented? I presume, control node implemented only authentication-key but not authentication-
2. XML Schema construct <sequence> is useless in this case since there is only only type of element present under the sequence.