BFD authentication

Authentication for BFD sessions is disabled by default. Ciena recommends the implementation of BFD authentication when you run BFD over multiple hops or through insecure tunnels.

The authentication section in the BFD control packet is optional. Based on the type of authentication, the receiving system determines the validity of the received packet. The receiving system either accepts the packet for further processing or discards it. For authentication to work, both systems in a BFD session must use the same authentication settings, such as the authentication type and authentication keys.

BFD authentication algorithms include the following:
  • Simple password
  • Keyed MD5
  • Meticulous keyed MD5
  • Keyed SHA1
  • Meticulous keyed SHA1

Simple password authentication involves one or more passwords with corresponding key IDs that are configured in each system that is running BFD. One pair of a password and a key ID is carried in each BFD control packet. The receiving system accepts the packet if the password-key ID pair matches a password-key ID pair configured in that system. The password is a binary character string, and is 1 to 16 bytes in length.

Note: Ciena currently supports simple password authentication.
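
The receive-side check described above can be sketched as follows. This is an added example, not Ciena code: it assumes the BFD control packet layout from RFC 5880 (24-byte mandatory section followed by Auth Type, Auth Len, Auth Key ID and the password), and the key IDs, passwords and discriminators are constructed values.

```python
import hmac
import struct

AUTH_SIMPLE_PASSWORD = 1   # Auth Type value for simple password (RFC 5880)
MANDATORY_LEN = 24         # fixed part of a BFD control packet
A_FLAG = 0x04              # "Authentication Present" bit in the flags byte


def build_packet(key_id: int, password: bytes) -> bytes:
    """Build a constructed BFD control packet with a simple password section."""
    if not 1 <= len(password) <= 16:
        raise ValueError("password must be 1 to 16 bytes")
    auth = struct.pack("!BBB", AUTH_SIMPLE_PASSWORD, 3 + len(password), key_id)
    auth += password
    flags = (3 << 6) | A_FLAG          # State = Up, A bit set
    header = struct.pack(
        "!BBBBIIIII",
        1 << 5,                        # Version 1, Diag 0
        flags,
        3,                             # Detect Mult
        MANDATORY_LEN + len(auth),     # Length of the whole packet
        0x11111111, 0x22222222,        # constructed discriminators
        1_000_000, 1_000_000, 0,       # timer fields in microseconds
    )
    return header + auth


def accept_packet(packet: bytes, keys: dict[int, bytes]) -> bool:
    """Return True only if the packet carries a configured key ID/password pair."""
    if len(packet) < MANDATORY_LEN + 4:        # header + type/len/id + 1 byte
        return False
    version, flags, length = packet[0] >> 5, packet[1], packet[3]
    if version != 1 or not flags & A_FLAG or length > len(packet):
        return False                           # unauthenticated or truncated
    auth_type, auth_len, key_id = packet[24:27]
    if auth_type != AUTH_SIMPLE_PASSWORD or auth_len != length - MANDATORY_LEN:
        return False
    expected = keys.get(key_id)
    if expected is None or auth_len != 3 + len(expected):
        return False                           # unknown key ID or wrong size
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(packet[27:27 + len(expected)], expected)


CONFIGURED_KEYS = {1: b"constructed-pw", 2: b"second"}   # constructed sample keys
```

The password travels in the packet unencrypted, so this check only rejects peers that do not know a configured pair; it does not protect the password from an observer on the path.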