How do you configure secure BGP? It's one of the most frequently asked questions. There are a few ways to secure a BGP session. Remember that an ISP doesn't provide all of the commands below. They would configure an MD5 hash for your link.
1. Using MD5 password
The MD5 setting is common and easy to implement.
Cisco_Router(config-router)#neighbor x.x.x.x password c1sc0
2. Limiting maximum-prefix
By limiting maximum-prefix, you can save memory and avoid bogus routes. However, this command causes the BGP session to bounce once you receive more than the configured number of routes. (In the example below, if you receive more than 1000 prefixes, the BGP session will be bounced.)
Cisco_Router(config-router)#neighbor x.x.x.x maximum-prefix 1000
3. Removing private AS numbers from updates
This removes private AS numbers from the AS path of updates sent to the neighbor.
Cisco_Router(config-router)#neighbor x.x.x.x remove-private-as
4. Limiting TTL
This only allows communication with a neighbor that is one hop away.
Cisco_Router(config-router)#neighbor x.x.x.x ttl-security hops 1
5. Limiting the maximum length of the AS path
Cisco_Router(config-router)#bgp maxas-limit 30
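A small audit of the five settings above, as an added example that is not from the original post: it scans the `router bgp` section of a saved configuration and reports which neighbors lack which control. The sample configuration, addresses and AS numbers are constructed, and the check assumes the commands are applied directly to each neighbor rather than inherited from a peer group.

```python
import re

# Constructed sample config (documentation addresses and AS numbers, not from the post).
SAMPLE_CONFIG = """\
router bgp 64500
 bgp maxas-limit 30
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 password 7 0000000000
 neighbor 192.0.2.1 maximum-prefix 1000
 neighbor 192.0.2.1 remove-private-as
 neighbor 192.0.2.1 ttl-security hops 1
 neighbor 198.51.100.7 remote-as 64502
 neighbor 198.51.100.7 maximum-prefix 1000
!
interface GigabitEthernet0/0
 description neighbor 203.0.113.9 password should-not-match
"""

# The four per-neighbor controls from the list above.
NEIGHBOR_CONTROLS = ("password", "maximum-prefix", "remove-private-as", "ttl-security")
NEIGHBOR_RE = re.compile(r"^\s+neighbor\s+(\S+)\s+(\S+)")

def audit_bgp(config):
    """Return {peer or 'global': [missing controls]} for the 'router bgp' section."""
    seen = {}        # peer address -> set of neighbor keywords configured for it
    maxas = False    # True once the process-wide 'bgp maxas-limit' is found
    in_bgp = False
    for line in config.splitlines():
        if not line.startswith(" "):      # an unindented line starts a new section
            in_bgp = line.startswith("router bgp ")
            continue
        if not in_bgp:
            continue
        if line.strip().startswith("bgp maxas-limit "):
            maxas = True
        m = NEIGHBOR_RE.match(line)
        if m:
            seen.setdefault(m.group(1), set()).add(m.group(2))
    findings = {}
    for peer, keywords in seen.items():
        missing = [c for c in NEIGHBOR_CONTROLS if c not in keywords]
        if missing:
            findings[peer] = missing
    if seen and not maxas:
        findings["global"] = ["bgp maxas-limit"]
    return findings

if __name__ == "__main__":
    for peer, missing in audit_bgp(SAMPLE_CONFIG).items():
        print(f"{peer}: missing {', '.join(missing)}")
```

On the sample, only 198.51.100.7 is reported, since it has a prefix limit but no password, private-AS removal or TTL check.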