Configure BGP MD5 Authentication for Backup Routing Neighbors

About this task

The BGP MD5 password for the backup routing neighbors is the same as the password set at the fabric setting level. It is applied to the backup routing neighbors when the VRF is configured on SLX.

If the MD5 password setting is set or updated on a provisioned fabric and efa fabric configure is then run, the modified backup routing neighbor configuration is applied to all the tenant VRF backup routing BGP neighbors during efa fabric configure.

Procedure

  1. Run the series of commands as shown in the following example.
    efa fabric show --name fabric1
    Fabric Name: fabric1, Fabric Description: , Fabric Type: non-clos
    +--------------+-------+--------------+------------+------+--------------+-------------+-------------------+-----------------+---------+-------+
    |  IP ADDRESS  | RACK  |  HOST NAME   |    ASN     | ROLE | DEVICE STATE |  APP STATE  | CONFIG GEN REASON | PENDING CONFIGS | VTLB ID | LB ID |
    +--------------+-------+--------------+------------+------+--------------+-------------+-------------------+-----------------+---------+-------+
    | 10.20.246.15 | rack1 | Avalanche-01 | 4200000000 | leaf | provisioned  | cfg in-sync | NA                | NA              | 2       | 1     |
    | 10.20.246.16 | rack1 | Avalanche-02 | 4200000000 | leaf | provisioned  | cfg in-sync | NA                | NA              | 2       | 1     |
    +--------------+-------+--------------+------------+------+--------------+-------------+-------------------+-----------------+---------+-------+
    
    efa fabric setting show --name fabric1 --advanced | grep -i "backup routing"
    | Backup Routing Enable          | Yes                    |
    | Backup Routing IPv4 Range      | 10.40.40.0/24          |
    | Backup Routing IPv6 Range      | fd40:4040:4040:1::/120 |
    
    
    efa tenant show
    +------+---------+------------+-------------+--------------+-----------+-----------+----------------------+
    | Name |  Type   | VLAN Range | L2VNI Range | L3VNI Range  | VRF Count | Enable BD |        Ports         |
    +------+---------+------------+-------------+--------------+-----------+-----------+----------------------+
    | ten1 | private |   11-20    | 20001-20020 | 21001-210020 |    10     |   false   | 10.20.246.15[0/1-10] |
    |      |         |            |             |              |           |           | 10.20.246.16[0/1-10] |
    +------+---------+------------+-------------+--------------+-----------+-----------+----------------------+
    
    efa tenant vrf show
    +----------+--------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+
    |   Name   | Tenant | Routing Type | Centralized Routers | Redistribute | Max Path | Local Asn | Enable GR |   State    |    Dev State    | App State |
    +----------+--------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+
    | ten1vrf1 |  ten1  | distributed  |                     |  connected   |    8     |           |   false   | vrf-create | not-provisioned | cfg-ready |
    +----------+--------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+
    
    efa fabric setting show --name fabric1 --advanced | grep -i MD5
    | MD5 Password Enable            | Yes                                              |
    | MD5 Password                   | $9$jrujIQqNxWkAyUOoI4cMtzhc4oP2VGREKwLOsSKH8bw=  |
    
    efa tenant epg show --name ten1epg1 --tenant ten1 --detail
    ===============================================================================================================================================================
    Name          : ten1epg1
    Tenant        : ten1
    Type          : extension
    State         :
    Description   :
    Ports         : 10.20.246.15[0/1]
    POs           :
    Port Property : SwitchPort Mode               : trunk
                  : Native Vlan Tagging           : false
                  : Single-Homed BFD Session Type : auto
    NW Policy     : Ctag Range                    : 11
                  : VRF                           : ten1vrf1
                  : L3Vni                         : 21001
    +------+-------------------------+-------+---------+--------------+--------------+-----------------------+--------+---------+----------------+--------------+-------------+-------------+
    | Ctag |          Ctag           | L2Vni | BD Name | Anycast IPv4 | Anycast IPv6 |       Local IP        | IP MTU | IPv6 ND |    IPv6 ND     |   IPv6 ND    |  Dev State  |  App State  |
    |      |       Description       |       |         |              |              | [Device-IP->Local-IP] |        |   Mtu   | Managed Config | Other Config |             |             |
    +------+-------------------------+-------+---------+--------------+--------------+-----------------------+--------+---------+----------------+--------------+-------------+-------------+
    |  11  | Tenant L3 Extended VLAN | 20001 |         | 10.0.11.1/24 |              |                       |        |         |     false      |    false     | provisioned | cfg-in-sync |
    +------+-------------------------+-------+---------+--------------+--------------+-----------------------+--------+---------+----------------+--------------+-------------+-------------+
    
  2. Complete the configuration on SLX as provided in the following example.
    L1# show running-config router bgp
    router bgp
     local-as 4200000000
     capability as4-enable
     fast-external-fallover
     neighbor 10.20.20.3 remote-as 4200000000
     neighbor 10.20.20.3 next-hop-self
     address-family ipv4 unicast
      network 172.31.254.71/32
      network 172.31.254.151/32
      maximum-paths 8
      graceful-restart
     !
     address-family ipv4 unicast vrf ten1vrf1
      redistribute connected
      neighbor 10.40.40.252 remote-as 4200000000
      neighbor 10.40.40.252 next-hop-self
      neighbor 10.40.40.252 password  $9$jrujIQqNxWkAyUOoI4cMtzhc4oP2VGREKwLOsSKH8bw=
      maximum-paths 8
     !
     address-family ipv6 unicast
     !
     address-family ipv6 unicast vrf ten1vrf1
      redistribute connected
      neighbor fd40:4040:4040:1::fe remote-as 4200000000
      neighbor fd40:4040:4040:1::fe next-hop-self
      neighbor fd40:4040:4040:1::fe password $9$jrujIQqNxWkAyUOoI4cMtzhc4oP2VGREKwLOsSKH8bw=
      neighbor fd40:4040:4040:1::fe activate
      maximum-paths 8
     !
     address-family l2vpn evpn
      graceful-restart
     !
    !
    
    L2# show running-config router bgp
    router bgp
     local-as 4200000000
     capability as4-enable
     fast-external-fallover
     neighbor 10.20.20.2 remote-as 4200000000
     neighbor 10.20.20.2 next-hop-self
     address-family ipv4 unicast
      network 172.31.254.71/32
      network 172.31.254.195/32
      maximum-paths 8
      graceful-restart
     !
     address-family ipv4 unicast vrf ten1vrf1
      redistribute connected
      neighbor 10.40.40.253 remote-as 4200000000
      neighbor 10.40.40.253 next-hop-self
      neighbor 10.40.40.253 password $9$jrujIQqNxWkAyUOoI4cMtzhc4oP2VGREKwLOsSKH8bw=
      maximum-paths 8
     !
     address-family ipv6 unicast
     !
     address-family ipv6 unicast vrf ten1vrf1
      redistribute connected
      neighbor fd40:4040:4040:1::ff remote-as 4200000000
      neighbor fd40:4040:4040:1::ff next-hop-self
      neighbor fd40:4040:4040:1::ff password $9$jrujIQqNxWkAyUOoI4cMtzhc4oP2VGREKwLOsSKH8bw=
      neighbor fd40:4040:4040:1::ff activate
      maximum-paths 8
     !
     address-family l2vpn evpn
      graceful-restart
     !
    !
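
One way to check the outcome of this procedure, added here as an example and not part of the product documentation: the script parses saved `show running-config router bgp` output and reports every tenant-VRF neighbor inside the backup routing ranges whose password is missing or differs from the fabric MD5 value. The function name and sample text are hypothetical, and it assumes the encrypted string in the running config matches the one shown by `efa fabric setting show`, as it does in the output above.

```python
import ipaddress
import re

# Backup routing ranges as reported by `efa fabric setting show --advanced` above.
BACKUP_RANGES = [ipaddress.ip_network(n) for n in ("10.40.40.0/24", "fd40:4040:4040:1::/120")]
AF_VRF = re.compile(r"address-family \S+ unicast vrf (\S+)")
NEIGHBOR = re.compile(r"neighbor (\S+) (\S+)(?: +(\S+))?")

def audit_backup_neighbors(running_config, fabric_md5, ranges=BACKUP_RANGES):
    """Map (vrf, neighbor) -> 'ok' | 'mismatch' | 'missing' for backup routing neighbors."""
    vrf, passwords = None, {}
    for line in map(str.strip, running_config.splitlines()):
        if line == "!" or line.startswith("address-family"):
            m = AF_VRF.fullmatch(line)
            vrf = m.group(1) if m else None   # enter or leave a tenant VRF stanza
            continue
        m = NEIGHBOR.match(line)
        if not (vrf and m):
            continue                          # default-VRF neighbors are out of scope
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                          # not an address (e.g. a peer-group name)
        if not any(addr in net for net in ranges):
            continue                          # not a backup routing neighbor
        key = (vrf, str(addr))
        passwords.setdefault(key, None)       # neighbor seen, no password yet
        if m.group(2) == "password":
            passwords[key] = m.group(3)
    return {k: "missing" if pw is None else "ok" if pw == fabric_md5 else "mismatch"
            for k, pw in passwords.items()}

# Constructed sample (not device output); the password strings are placeholders.
SAMPLE = """\
router bgp
 neighbor 10.20.20.3 remote-as 4200000000
 address-family ipv4 unicast vrf ten1vrf1
  neighbor 10.40.40.252 remote-as 4200000000
  neighbor 10.40.40.252 password $9$PLACEHOLDER-A=
 !
 address-family ipv6 unicast vrf ten1vrf1
  neighbor fd40:4040:4040:1::fe remote-as 4200000000
 !
 address-family ipv4 unicast vrf ten1vrf2
  neighbor 10.40.40.250 password $9$PLACEHOLDER-B=
 !
"""
if __name__ == "__main__":
    print(audit_backup_neighbors(SAMPLE, "$9$PLACEHOLDER-A="))
```

Any entry other than `ok` identifies a backup routing session that is unauthenticated or will not match its peer after `efa fabric configure`.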