Authenticating BGP Peers

Problem

You want to authenticate your BGP peer relationships to help prevent tampering with your routing tables.

Solution

The BGP protocol includes an MD5-based authentication system for authenticating peers:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.55.5 remote-as 65501
Router1(config-router)#neighbor 192.168.55.5 password password-1234
Router1(config-router)#exit
Router1(config)#end
Router1#

The same password must be configured on both routers:

Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#router bgp 65501
Router2(config-router)#neighbor 192.168.55.6 remote-as 65500
Router2(config-router)#neighbor 192.168.55.6 password password-1234
Router2(config-router)#exit
Router2(config)#end
Router2#

Discussion

MD5 authentication is a standard part of BGP Version 4 that was introduced in RFC 2385. The IETF went further in RFC 3013 (which is also called BCP 46) to recommend that “BGP authentication should be used with routing peers” in the public Internet. This language “should be used” indicates a strong recommendation, but not a requirement.
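The mechanism behind that neighbor password, shown here as an added Python model and not as code from the book: RFC 2385 places an MD5 digest of the IP pseudo-header, the fixed TCP header, the payload and the shared password into TCP option 19, and the receiving stack recomputes it and silently discards any segment whose digest does not match. The addresses, ports and payload below are constructed, and the real computation runs inside the router's TCP stack rather than in user code.

```python
import hashlib
import hmac
import ipaddress
import struct

MD5_OPT_KIND, MD5_OPT_LEN = 19, 18   # RFC 2385 option: kind 19, 16-byte digest


def tcp_md5_digest(src_ip, dst_ip, tcp_segment, password):
    """MD5 over IPv4 pseudo-header, fixed TCP header (options skipped, checksum
    zeroed), payload, then the shared password, in that order (RFC 2385 section 2)."""
    data_offset = (tcp_segment[12] >> 4) * 4                 # header length incl. options
    pseudo = (ipaddress.IPv4Address(src_ip).packed
              + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, 6, len(tcp_segment)))  # zero, proto TCP, TCP length
    fixed = tcp_segment[:16] + b"\x00\x00" + tcp_segment[18:20]
    return hashlib.md5(pseudo + fixed + tcp_segment[data_offset:] + password).digest()


def build_signed_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, password):
    """Sender side: 20-byte fixed header + 20 bytes of options (MD5 option + 2 NOPs)."""
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, (40 // 4) << 4,
                        flags, 65535, 0, 0)                  # checksum left at 0 here
    digest = tcp_md5_digest(src_ip, dst_ip, fixed + b"\x00" * 20 + payload, password)
    return fixed + bytes([MD5_OPT_KIND, MD5_OPT_LEN]) + digest + b"\x01\x01" + payload


def verify_tcp_md5(src_ip, dst_ip, tcp_segment, password):
    """Receiver side: find option kind 19 and compare it with a recomputed digest.
    False when the option is missing or malformed, or the digest does not match."""
    data_offset = (tcp_segment[12] >> 4) * 4
    opts, i = tcp_segment[20:data_offset], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                                        # end of option list
            break
        if kind == 1:                                        # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:            # truncated/malformed option
            return False
        if kind == MD5_OPT_KIND and opts[i + 1] == MD5_OPT_LEN:
            expected = tcp_md5_digest(src_ip, dst_ip, tcp_segment, password)
            return hmac.compare_digest(bytes(opts[i + 2:i + 18]), expected)
        i += opts[i + 1]
    return False
```

Because the digest covers the pseudo-header and sequence numbers as well as the password, a segment with a wrong password, an altered payload, or no option at all fails verification and never reaches the BGP process.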

BGP is different from the routing protocols that we discussed in Chapters 6, 7, and 8 because you must explicitly configure the peer relationships between routers. These peers then use point-to-point TCP connections to exchange information. So it is much more difficult ...

Get Cisco IOS Cookbook, 2nd Edition now with the O’Reilly learning platform.
