Applying an IPsec policy to an IPv6 BGP peer or peer group
To protect routing information and defend attacks, IPv6 BGP can authenticate protocol packets by using an IPsec policy.
Outbound IPv6 BGP packets carry the Security Parameter Index (SPI) defined in the IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the device accepts the packet; otherwise, it discards the packet and will not establish a neighbor relationship with the sending device.
Configuration prerequisites
Before you apply an IPsec policy to a peer or peer group, complete following tasks:
Create an IPsec proposal.
Create an IPsec policy.
For more information about IPsec policy configuration, see Security Configuration Guide.
Configuration guidelines
An IPsec policy used for IPv6 BGP can be only in manual mode. For more information, see Security Configuration Guide.
Configuration procedure
To apply an IPsec policy to a peer or peer group
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter BGP view. | bgp as-number | N/A |
3. Enter IPv6 address family view. | ipv6-family | N/A |
4. Apply an IPsec policy to a peer or peer group. | peer { group-name | ip-address } ipsec-policy policy-name | Not configured by default. |