If you have dual upstream connections for Internet, traffic shaping would be one of major matter as a network administrator. Especially, company has one big pipe(Tier1) and mid-size connection with Tier2 ISP for redundant reason and those ISPs don't have any connections between. See Pic 1.

The company wants to use all outbound / inbound traffic on their major(big pipe). It's normal and understandable. However, mid-size secondary uplink pull(?) some traffic, even though they put higher preference on main connection. Why?

If you have already read article " Major inbound traffic control problem in real ISP market ", you will know why we need this solution. I should say this is NOT the best solution, but you might have this option on your mind in case it's feasible. This option won't fit on certain network condition. I will tell you why through below example.

Well, in these days, not many people want to setup BGP MD5 for security concerns. Back in 2005, after some guy reported a threat on BGP sessions with ISP. There were rush to setup MD5.

Actually, the MD5 authentication is not on the BGP session. The authentication is on the TCP session. It provides a method by which each of the TCP peers is able to verify with a higher degree of certainty that packets apparently received from the TCP peer actually originated from the TCP peer. This keeps packets which are spoofed into the session from being used as valid packets in the session, so providing another layer of security to the eBGP session.

Below configuration is sample of MD 5 on Juniper router

Well, in these days, not many people want to setup BGP MD5 for security concerns. Back in 2005, after some guy reported a threat on BGP sessions with ISP. There were rush to setup MD5.

Actually, the MD5 authentication is not on the BGP session. The authentication is on the TCP session. It provides a method by which each of the TCP peers is able to verify with a higher degree of certainty that packets apparently received from the TCP peer actually originated from the TCP peer. This keeps packets which are spoofed into the session from being used as valid packets in the session, so providing another layer of security to the eBGP session.

Below configuration is sample of MD 5 on Juniper router