Overview
Outlines BGP session security methods, covering keychains, Martian address checks, eBGP GTSM protection, interface-based LPTS identifiers, and prefix origin validation mechanisms to enhance BGP session integrity and secure routing policy implementation.
This chapter provides an overview of essential security mechanisms for protecting BGP sessions on Cisco routers. It covers key features such as BGP keychains, Martian address checks, TTL security (GTSM), interface-based LPTS identifiers, and prefix origin validation using RPKI. Each section explains the purpose of the mechanism and offers practical configuration guidance to help secure BGP routing against common threats.
BGP keychains
Introduces BGP keychains for session authentication and integrity, and provides instructions to configure keychains for BGP using secure key management practices.
Martian address checks
Explains Martian address checks for identifying invalid BGP addresses and details procedures to disable Martian address checks in BGP when necessary for specific scenarios.
BGP eBGP security GTSM
Describes eBGP security using the Generalized TTL Security Mechanism (GTSM) and provides step-by-step guidance to configure GTSM for eBGP sessions to protect against spoofed routing updates.
Interface-based LPTS identifiers
Details interface-based LPTS identifiers for controlling traffic destined to the local router and guides configuration of LPTS secure binding for directly connected eBGP neighbors.
BGP prefix origin validation mechanisms
Outlines BGP prefix origin validation using mechanisms such as RPKI and provides procedures to configure an RPKI cache server for validating route origins.