The BGP MD5 Password, Drift and Reconcile, and Idempotency

Drift is identified if you modify the MD5 password through SLX, the CLI, or other management tool.

A reconcile operation pushes the intended configuration to SLX, thereby synchronizing the SLX configuration with EFA.



A reconcile operation configures the MD5 password on the device back to its original value (pre-drift) but does not clear the session. Also, the state is not verified after the password is configured.
Field Identity Drift Reconcile Configuration Idempotency
md5-password Yes Yes Yes*

* There are some caveats to idempotency. The fabric service does not store the plain text password you provide after the fabric has been configured. It stores the encrypted string of the user-provided password, matching with the encrypted string available on the SLX device. So, setting the same original MD5 password after the fabric is configured results in devices going into cfg-refreshed state. For the operation to be idempotent, after the fabric is configured, the encrypted string should be provided as the md5-password and not the original plain text password.

Devices in the fabric are in cfg-refreshed state when the MD5 password has been updated but the fabric is not yet reconfigured. In such a scenario, the previous MD5 password is used for drift detection until the fabric is configured with the new password.