A TCP connection is required when one of the following conditions exists:
•
A new MSDP peer is created.
A previously deactivated MSDP peering connection is reactivated.
•
A previously failed MSDP peer attempts to resume operation.
•
You can adjust the interval between MSDP peering connection attempts.
To enhance MSDP security, configure a key for MD5 authentication used by both MSDP peers to
establish a TCP connection. If the MD5 authentication fails, the TCP connection cannot be established.
IMPORTANT:
The MSDP peers involved in MD5 authentication must be configured with the same authentication method
and key. Otherwise, the authentication fails and the TCP connection cannot be established.
To control MSDP peering connections:
Step
1.
Enter system view.
2.
Enter MSDP view.
3.
Tear down an MSDP peering
connection.
4.
Set the keepalive timer and
peer hold timer for an MSDP
session.
5.
Configure the interval between
MSDP
attempts.
6.
Configure MD5 authentication
for
both
establish a TCP connection.
Configuring SA message related parameters
This section describes how to configure SA message related parameters.
Configuration prerequisites
Before you configure SA message delivery, complete the following tasks:
Configure a unicast routing protocol so that all devices in the domain are interoperable at the
•
network layer.
Configure basic MSDP functions.
•
Command
system-view
msdp [ vpn-instance
vpn-instance-name ]
shutdown peer-address
timer keepalive keepalive holdtime
peering
connection
timer retry interval
peer peer-address password
MSDP
peers
to
{ cipher | simple } password
147
Remarks
N/A
N/A
By default, an MSDP peering
connection is active.
By default, the keepalive timer and
peer hold timer is 60 seconds and
75 seconds, respectively.
This command immediately takes
effect on an established session.
The default setting is 30 seconds.
By default, MD5 authentication is
not performed before a TCP
connection is established.