BGP routing peering with password authentication

BGP routing peering with password authentication is not working in quagga on OpenWrt. Below is the BGP configuration in quagga.

conf t
router bgp 64664
neighbor remote-as 64664
neighbor password abc@123

cat /etc/quagga/bgpd.conf

! Zebra configuration saved from vty
!   2020/11/25 14:04:39
password zebra
router bgp 64664
 bgp router-id
 neighbor remote-as 64664
 neighbor password abc@123
 address-family ipv6
access-list vty permit
access-list vty deny any
line vty
 access-class vty

Please give me a solution. Thanks in advance.

I'm not that sharp on BGP or Quagga...but I notice I don't see your AS.

If you remove the authentication from both peers, is it working fine?

Yes, it works fine.

For what it's worth, neighbor password is still not documented.
So maybe it is not implemented yet properly. The easiest way to troubleshoot is to debug the packets or capture them with tcpdump.
In any case there is nothing OpenWrt can do here, as quagga is just a package without any special instructions or configuration files.

So please suggest some other package for BGP.

Can you help me with this solution?

You could do a search in the available packages for the bgp keyword. This seems to support it, but I have never used it.

bird2 - 2.0.7-3 - BIRD is an internet routing daemon which manages TCP/IP routing tables
with support of modern routing protocols, easy to use configuration
interface and powerful route filtering language. It is lightweight and
efficient and therefore appropriate for small embedded routers.
BIRD supports OSPFv2, RIPv2, Babel and BGP protocols for IPv4 and
OSPFv3, RIPng, Babel and BGP protocols for IPv6.
In BGP, BIRD supports communities, multiprotocol extensions, MD5
authentication, 32bit AS numbers and could act as a route server or a
route reflector. BIRD also supports multiple RIBs, multiple kernel
routing tables and redistribution between the protocols with a powerful
configuration syntax.
This is the 2.0 branch of Bird which integrates support for IPv4 and IPv6
into a single branch, and also adds support for the Babel routing protocol.

BGP auth is based on a TCP option. It requires a kernel built with CONFIG_TCP_MD5SIG. I don't think OpenWrt enables that by default.

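As an added example that is not part of the thread: a small C probe for the kernel requirement mentioned above. It tries to install a TCP_MD5SIG key on an unconnected socket; on Linux, ENOPROTOOPT means the kernel has no handler for the option, i.e. it was built without CONFIG_TCP_MD5SIG. The peer address 192.0.2.1 and the key are constructed placeholders, and the function names are hypothetical.

```c
/* Added example: probe the running kernel for TCP MD5 signature support. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <linux/tcp.h>   /* TCP_MD5SIG, struct tcp_md5sig */

/* Map a setsockopt() outcome to: 1 = supported, 0 = not built in, -1 = inconclusive. */
int classify_md5sig_result(int rc, int err)
{
    if (rc == 0) return 1;
    if (err == ENOPROTOOPT) return 0;   /* kernel has no TCP_MD5SIG handler */
    return -1;                          /* some other failure, e.g. a sandbox */
}

int probe_tcp_md5sig(void)
{
    struct tcp_md5sig md5;
    struct sockaddr_in peer;
    const char key[] = "probe-key";     /* constructed key, never sent anywhere */
    int fd, rc, err;

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;

    memset(&peer, 0, sizeof(peer));
    peer.sin_family = AF_INET;
    inet_pton(AF_INET, "192.0.2.1", &peer.sin_addr);  /* TEST-NET-1 placeholder */

    memset(&md5, 0, sizeof(md5));
    memcpy(&md5.tcpm_addr, &peer, sizeof(peer));      /* key is bound to this peer */
    md5.tcpm_keylen = sizeof(key) - 1;
    memcpy(md5.tcpm_key, key, sizeof(key) - 1);

    rc = setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5));
    err = errno;
    close(fd);                          /* no connection is ever attempted */
    return classify_md5sig_result(rc, err);
}

int main(void)
{
    int r = probe_tcp_md5sig();
    puts(r == 1 ? "TCP_MD5SIG: supported" : r == 0 ? "TCP_MD5SIG: not built in" : "TCP_MD5SIG: inconclusive");
    return r == 1 ? 0 : 1;
}
```

Build it with the same toolchain as the target image and run it on the router itself, since the result describes the running kernel, not the build host.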

Does this solution work in the quagga package?
Does this solution work in the bird package?

I assume both. They both need this implemented on the TCP stack level. But as long as that is in place, then it's not much code on the userplane side.

BGP auth works fine with quagga on Linux. Using it on plenty of servers peering with mostly Juniper MXes. I haven't tried it on OpenWrt, but that's "just another" Linux distro so it should definitely work.

I have no experience with BIRD, but I'd be very surprised if it didn't support this as well. It is pretty much a prerequisite for any BGP peering nowadays.

Thank you so much @bmork
It worked.