Introducing support for Bidirectional Forwarding Detection and Message Digest 5 authentication.

IBM Cloud Direct Link allows direct, private connectivity between your infrastructure and both IBM Cloud VPC and IBM classic infrastructure. The speed and reliability of IBM Cloud Direct Link extend your organization’s data center network and offers more consistent, higher-throughput connectivity, keeping traffic within the IBM Cloud network.

Today, we are pleased to announce the general availability of the following new Border Gateway Protocol (BGP) features for both Direct Link Dedicated and Connect offerings.   

Bidirectional Forwarding Detection (BFD) 

BFD quickly detects faults in a network between two routers or switches connected by a link. It provides a single, standardized method for failover detection at any protocol layer over any media. BFD also provides a way for network administrators to detect forwarding-path failures at a uniform rate, rather than the variable rates of different routing protocol hello mechanisms. Network profiling and planning is easier, and reconvergence time is predictable, consistent and significantly faster.

BFD support comes pre-enabled with your direct link. However, BFD doesn’t start working until you activate the feature during direct link creation or on an existing direct link. No prerequisites are required. Simply configure this feature with the following values:

• Interval: The interval is the minimum time (in milliseconds) expected to occur between when the local routing device sends BFD hello packets and the reply from its neighbor. This value can range from 300 to 255,000 milliseconds.
• Multiplier: The multiplier is the number of times that a hello packet is missed before BFD declares the neighbor down. This value can range from 1 to 255. The default multiplier value is 3.

BGP Message Digest 5 (MD5) Authentication

BGP MD5 authentication adds an additional layer of security between two BGP peers by verifying each transmitted message sent through a BGP session. When authentication is activated, BGP authenticates every TCP segment from its peer and checks the source of each routing update. 

Similar to BFD, BGP MD5 authentication is pre-enabled with your direct link. You can configure MD5 authentication during direct link creation or configure MD5 on an existing direct link. You must configure MD5 authentication with the same password on both BGP peers; otherwise, a connection can’t be made between the peers.

Flexibility to update your BGP configuration at any time

Instead of being able to specify a BGP Autonomous System Number (ASN) and IP addresses only during initial configuration, you can now edit these values any time you choose.

Important: Keep in mind that the following tasks result in downtime where traffic is interrupted:

• Activating and deactivating MD5, or rotating MD5 key authentication after a BGP session is established 
• Activating and deactivating BFD after establishing a BGP session
• Modifying BGP ASN and BGP peer IPs after initial configuration

You can use the UI, CLI, API or Terraform to configure BFD and BGP MD5 authentication. For more information about these new features, see Getting started with IBM Cloud Direct Link.