Controlling MSDP peering connections
MSDP peers are interconnected over TCP (port number 639). You can tear down or re-establish MSDP peering connections to control SA message exchange between the MSDP peers. When the connection between two MSDP peers is torn down, SA messages are no longer delivered between them. The MSDP peers will not attempt to re-establish the connection. The configuration information, however, remains unchanged.
A TCP connection is required when one of the following conditions exists:
- A new MSDP peer is created.
- A previously deactivated MSDP peering connection is reactivated.
- A previously failed MSDP peer attempts to resume operation.
You can adjust the interval between MSDP peering connection attempts.
To enhance MSDP security, configure a password for MD5 authentication used by both MSDP peers to establish a TCP connection. If the MD5 authentication fails, the TCP connection cannot be established.
IMPORTANT: The MSDP peers involved in MD5 authentication must be configured with the same authentication method and password. Otherwise, the authentication fails and the TCP connection cannot be established.
To control MSDP peering connections:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter MSDP view. | msdp [ vpn-instance vpn-instance-name ] | N/A |
3. Tear down an MSDP peering connection. | shutdown peer-address | By default, an MSDP peering connection is active. |
4. Configure the interval between MSDP peering connection attempts. | timer retry interval | The default setting is 30 seconds. |
5. Configure MD5 authentication for both MSDP peers to establish a TCP connection. | peer peer-address password { cipher \| simple } password | By default, MD5 authentication is not performed before a TCP connection is established. |
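
An added example, not part of the original documentation: a Python audit that reads a saved configuration and lists the active MSDP peers that have no `peer ... password` line, so their TCP connection is established without MD5 authentication. The configuration layout, the `connect-interface` lines, the label `public` for the default instance, and all addresses and secrets are assumptions constructed for the illustration.

```python
# Constructed sample; assumed layout: view header at column 0, its commands
# indented by one space, "#" between views. "connect-interface" is assumed.
SAMPLE_CONFIG = """\
#
msdp
 peer 192.0.2.1 connect-interface Vlan-interface10
 peer 192.0.2.1 password cipher CONSTRUCTED-CIPHERTEXT
 peer 192.0.2.2 connect-interface Vlan-interface20
 peer 192.0.2.3 connect-interface Vlan-interface30
 peer 192.0.2.3 password simple CONSTRUCTED-PASSWORD
 shutdown 192.0.2.3
 timer retry 60
#
msdp vpn-instance blue
 peer 198.51.100.1 connect-interface Vlan-interface40
#
"""

def _peer(view, addr):
    return view["peers"].setdefault(addr, {"md5": None, "shutdown": False})

def audit_msdp(config):
    """Return {instance: {"retry": seconds, "peers": {addr: state}}} per MSDP view."""
    report, view = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not raw.startswith(" "):  # column-0 line starts or ends a view
            view = None
            if words[:1] == ["msdp"] and (len(words) == 1 or
                    (len(words) == 3 and words[1] == "vpn-instance")):
                name = words[2] if len(words) == 3 else "public"
                # 30 seconds is the documented default retry interval
                view = report.setdefault(name, {"retry": 30, "peers": {}})
        elif view is not None and words:
            if words[0] == "peer" and len(words) >= 3:
                peer = _peer(view, words[1])
                if words[2] == "password" and len(words) >= 5:
                    peer["md5"] = words[3]  # keep the keyword only, never the secret
            elif words[0] == "shutdown" and len(words) == 2:
                _peer(view, words[1])["shutdown"] = True
            elif words[:2] == ["timer", "retry"] and len(words) == 3:
                view["retry"] = int(words[2])
    return report

def unauthenticated_peers(report):
    """Active peers whose TCP connection is set up without MD5 authentication."""
    return sorted((inst, addr) for inst, view in report.items()
                  for addr, p in view["peers"].items()
                  if p["md5"] is None and not p["shutdown"])
```

Run it against the configuration of both ends of a peering, because each side must list the other with a password for the authentication to succeed.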