You can prevent your device from receiving fraudulent route updates by configuring neighbor router authentication. When configured, neighbor authentication occurs whenever routing updates are exchanged between neighbor devices. This authentication ensures that a device receives reliable routing information from trusted sources.
Without neighbor authentication, unauthorized or deliberately malicious routing updates could compromise network security. A security compromise could occur if someone diverts or analyzes your network traffic. For example, an unauthorized device could send a fictitious routing update to convince your device to send traffic to an incorrect destination. This diverted traffic could be analyzed to learn confidential information about your organization or merely used to disrupt your organization's ability to effectively communicate using the network. Neighbor authentication prevents any such fraudulent route updates from reaching your device.
When neighbor authentication has been configured on a device, the device authenticates the source of each routing update packet that it receives. This is accomplished by the exchange of an authenticating key (sometimes referred to as a password) that is known to both the sending and receiving devices.
There are two types of neighbor authentication used: plain text authentication and message digest algorithm 5 (MD5) authentication. Both authentication methods work in the same way, with the exception that MD5 sends a message digest (also called a "hash") instead of the authenticating key. The message digest is created using the key and a message, but the key itself is not sent, preventing the message from being read while the message is being transmitted. Plain text authentication sends an authenticating key over the wire.
Plain text authentication is not recommended for use as part of your security strategy. Its primary use is to avoid accidental changes to the routing infrastructure. Using MD5 authentication, however, is a recommended security practice.
In plain text authentication, each participating neighbor device must share an authenticating key. This key is specified at each device during configuration. Multiple keys can be specified with some protocols; each key must then be identified by a key number.
In general, when a routing update is sent, the following authentication sequence occurs:
- A device sends a routing update with a key and the corresponding key number to the neighbor device. In protocols that can have only one key, the key number is always zero. The receiving (neighbor) device checks the received key against the same key stored in its own memory.
- If the two keys match, the receiving device accepts the routing update packet. If the two keys do not match, the routing update packet is rejected.
Another form of neighbor device authentication is to configure key management using key chains. When you configure a key chain, you specify a series of keys with lifetimes, and the Cisco software checks each of these keys. This process decreases the likelihood that keys will be compromised. To find the complete configuration information for key chains, refer to the "Configuring IP Routing Protocol-Independent Features" module of the Cisco IOS IP Routing: Protocol-Independent Configuration Guide.