9412 Nokia Network Voyager for IPSO 4.0 Reference GuideThe TCP MD5 option allows BGP to protect itself against the introduction of spoofed TCPsegments into the connection stream. To spoof a connection using MD5 signed sessions, theattacker not only has to guess TCP sequence numbers, but also the password included in theMD5 digest.NoteTCP MD5 authentication is not available for BGP session over IPv6.BGP Support for Virtual IP for VRRPThe Nokia IPSO implementation of BGP supports advertising the virtual IP address of theVRRP virtual router. You can force a route to use the virtual IP address as the local endpoint forTCP connections for a specified internal or external peer autonomous system. You must alsoconfigure a local address for that autonomous system for the VRRP virtual IP option to function.Only the VRRP master establishes BGP sessions. For more information on VRRP, see “VRRPOverview” on page 183.NoteYou must use monitored-circuit VRRP when configuring virtual IP support for BGP or anyother dynamic routing protocol. Do not use VRRPv2 when configuring virtual IP support forBGP.NoteBGP support for advertising the virtual IP address of the VRRP virtual router is onlyavailable for IPv4 BGP sessions, not for IPv6. In a VRRPv2 pair, if you select the VirtualAddress option on the Advanced BGP page, it affect only IPv4 BGP peers. In a VRRPv3pair, this option is not available for IPv6 BGP peers.Perform the following procedure to configure an a peer autonomous system, corresponding localaddress, and to enable support for virtual IP for VRRP.1. Click BGPs under Configuration > Routing Configuration in the tree view.2. Enter a value between 1 and 65535 in the Peer Autonomous System Number edit box.3. Click the Select the peer group type drop-down list and click either Internal or External.If the peer autonomous system number is different from the local autonomous system of thisrouter, click External.If the peer autonomous system number is the same as that of the local autonomous system ofthis router, click Internal. You must also select Internal if the local autonomous system ispart of a confederation. For more information on confederations, see “Confederations” onpage 409.4. Click Apply.5. Click the Advanced BGP Options link on the BGP page.