EasyManuals Logo

HP 5920 Series User Manual

HP 5920 Series
607 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #378 background imageLoading...
Page #378 background image
365
Usage guidelines
IPsec can protect IPv6 BGP packets from data eavesdropping, tampering, and attacks caused by forged
IPv6 BGP packets.
When two IPv6 BGP neighbor devices, for example Device A and Device B, are configured with IPsec,
Device A encapsulates an IPv6 BGP packet with IPsec before sending it to Device B. If Device B
successfully receives and decapsulates the packet, it establishes an IPv6 BGP peer relationship with
Device A or learns IPv6 BGP routes to Device A. If Device B receives but fails to decapsulate the packet,
or receives a packet not protected by IPsec, it discards the packet.
Configure IPsec to protect IPv6 BGP packets through the following steps:
1. Configure an IPsec transform set.
2. Configure a manual IPsec profile.
3. Execute this command to apply the IPsec profile to an IPv6 BGP peer or peer group.
For more information about IPsec transform sets and IPsec profiles, see Security Configuration Guide.
This command supports only IPsec profiles in manual mode.
If you configure IPsec on a device, you must configure IPsec on its IPv6 BGP peer. Otherwise, IPv6 BGP
packets cannot be received.
Examples
# In BGP view, apply IPsec profile profile001 to peer group test.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] peer test ipsec-profile profile001
# In BGP-VPN instance view, apply IPsec profile profile001 to peer group test.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ip vpn-instance vpn1
[Sysname-bgp-vpn1] peer test ipsec-profile profile001
Related commands
• display bgp group
• display bgp peer
peer keep-all-routes
Use peer keep-all-routes to save all route updates from a peer or peer group, regardless of whether the
routes have passed the configured routing policy.
Use undo peer keep-all-routes to restore the default.
Syntax
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4
address family view:
peer { group-name | ip-address } keep-all-routes
undo peer { group-name | ip-address } keep-all-routes
In BGP IPv6 unicast address family view:

Table of Contents

Other manuals for HP 5920 Series

Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide215 pages
Preview: Configuration Guide
Configuration Guide424 pages
Preview: Installation Guide
Installation Guide63 pages
Preview: Troubleshooting Guide
Troubleshooting Guide52 pages
Preview: Fc And Fcoe Configuration Guide
Fc And Fcoe Configuration Guide257 pages
Preview: Compliance And Safety Manual
Compliance And Safety Manual58 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 5920 Series and is the answer not in the manual?

HP 5920 Series Specifications

General IconGeneral
BrandHP
Model5920 Series
CategorySwitch
LanguageEnglish

Related product manuals