Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Configuring LDP message authentication

Configuration of an authentication key on a per LDP session basis is supported to protect against spoofed TCP segments in a connection stream.

The LDP session can be to an adjacent peer (basic discovery) . You must configure both sides of an LDP peer link.
LDP authentication is based upon the TCP MD5 signature option specified in RFC 2385. This RFC defines a new TCP option for carrying an MD5 digest in a TCP segment.
To configure LDP message authentication, enter the following command.

vyatta@R1# set protocols mpls-ldp neighbors neighbor <ip address> md5-password <text> 

The following example shows how to configure an LDP message authentication key named early for the neighbor at IP address

vyatta@R1# set protocols mpls-ldp neighbors neighbor md5-password early