Configuring IPsec for IPv6 BGP

Perform this task to configure IPsec for IPv6 BGP. IPsec can provide privacy, integrity, and authentication for IPv6 BGP packets exchanged between BGP peers.

When two IPv6 BGP peers are configured with IPsec (for example, Device A and Device B), Device A encapsulates an IPv6 BGP packet with IPsec before sending it to Device B. If Device B successfully receives and de-encapsulates the packet, it establishes an IPv6 BGP peer relationship with Device A and learns IPv6 BGP routes from Device A. If Device B receives but fails to de-encapsulate the packet, or receives a packet not protected by IPsec, it discards the packet.

To configure IPsec for IPv6 BGP packets (IPv6 unicast/multicast address family):

1. Enter system view.

   Command: system-view

   Remarks: N/A

2. Configure an IPsec transform set and a manual IPsec profile.

   Command: See Security Configuration Guide.

   Remarks: By default, no IPsec transform set or manual IPsec profile exists.

3. Enter BGP instance view or BGP-VPN instance view.

   Command:

     • Enter BGP instance view: bgp as-number [ instance instance-name ]

     • Enter BGP-VPN instance view:

       1. bgp as-number [ instance instance-name ]

       2. ip vpn-instance vpn-instance-name

   Remarks: N/A

4. Apply the IPsec profile to an IPv6 BGP peer or peer group.

   Command: peer { group-name | ipv6-address [ prefix-length ] } ipsec-profile profile-name

   Remarks: By default, no IPsec profile is configured for any IPv6 BGP peer or peer group. This command supports only IPsec profiles in manual mode.
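
The following is an added example, not part of the original page or the vendor's documentation: a Python check over a saved configuration that flags IPv6 BGP peers left at the default (no IPsec profile applied) or bound to a profile that is not in manual mode. It assumes profiles are declared as "ipsec profile <name> <mode>" and peers as "peer <address> as-number <n>". The configuration text and every name in it are constructed, and peers that would inherit a profile from a peer group are not resolved.

```python
import ipaddress
import re

# Constructed Comware-style configuration excerpt (sample data, not from the page).
SAMPLE_CONFIG = """\
ipsec profile bgp6-manual manual
ipsec profile bgp6-ike isakmp
bgp 65001
 peer 2001:db8::2 as-number 65002
 peer 2001:db8::2 ipsec-profile bgp6-manual
 peer 2001:db8::3 as-number 65003
 peer 2001:db8::4 as-number 65004
 peer 2001:db8::4 ipsec-profile bgp6-ike
 peer 2001:db8:1:: 64 as-number 65005
 peer 2001:db8:1:: 64 ipsec-profile undefined-profile
 peer 10.0.0.2 as-number 65006
"""

# Assumed line shapes: "ipsec profile <name> <mode>" and
# "peer <address> [prefix-length] as-number|ipsec-profile <value>".
PROFILE_RE = re.compile(r"^ipsec\s+profile\s+(\S+)\s+(\S+)\s*$")
PEER_RE = re.compile(r"^\s*peer\s+(\S+)(?:\s+(\d+))?\s+(as-number|ipsec-profile)\s+(\S+)")

def is_ipv6(token):
    try:
        return ipaddress.ip_address(token).version == 6
    except ValueError:  # peer group name or other non-address token
        return False

def audit_ipv6_bgp_ipsec(config):
    """Map each IPv6 BGP peer lacking a manual IPsec profile to the reason."""
    modes, applied = {}, {}  # profile name -> mode, peer -> applied profile
    for line in config.splitlines():
        if m := PROFILE_RE.match(line):
            modes[m.group(1)] = m.group(2)
        elif (m := PEER_RE.match(line)) and is_ipv6(m.group(1)):
            peer = m.group(1) + (f"/{m.group(2)}" if m.group(2) else "")
            applied.setdefault(peer, None)  # peer exists; profile unknown so far
            if m.group(3) == "ipsec-profile":
                applied[peer] = m.group(4)
    findings = {}
    for peer, profile in applied.items():
        if profile is None:
            findings[peer] = "no ipsec-profile applied"
        elif modes.get(profile) != "manual":
            findings[peer] = f"profile {profile} is {modes.get(profile, 'undefined')}, not manual"
    return findings

if __name__ == "__main__":
    print(audit_ipv6_bgp_ipsec(SAMPLE_CONFIG))
```

Because a protected peer discards BGP packets that arrive without IPsec, both ends of a session need a profile applied; run the check against each device's configuration.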