BGP differs from the other routing protocols (EIGRP, OSPF) because you must explicitly configure the peer relationships between routers. These peers then use point-to-point TCP connections to exchange information, so it is much more difficult for a malicious user to surreptitiously establish a peer relationship with one of your routers and corrupt your routing tables. It is still possible, however, to hijack an existing TCP connection between two BGP peers and inject bad routes. And if the attackers are on the same network segment as one of the peers, they can potentially hijack the IP address of the legitimate peer and set up a new BGP session.
With authentication, this type of attack is considerably more difficult, because the attacker must not only get the TCP sequence numbers right but must also insert the correct encrypted authentication key.
Configuring BGP Authentication on Cisco IOS:
Border Gateway Protocol (BGP) supports an authentication mechanism that uses the Message Digest 5 (MD5) algorithm. When authentication is enabled, every Transmission Control Protocol (TCP) segment belonging to BGP that is exchanged between the peers is verified and accepted only if authentication succeeds. For authentication to succeed, both peers must be configured with the same password. If authentication fails, the BGP neighbor relationship is not established.
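The per-segment check described above is the TCP MD5 Signature Option defined in RFC 2385. The following Python code is an added example, not taken from the original page or from Cisco, that signs a BGP KEEPALIVE the way a sending peer would and verifies it the way a receiving peer would. The addresses, sequence numbers and password are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPT = b"\x01\x01\x13\x12"  # NOP, NOP, kind 19 (MD5 signature), length 18


def tcp_md5_digest(src_ip, dst_ip, header, payload, password):
    """RFC 2385: MD5 over pseudo-header, base TCP header (no options,
    checksum zeroed), segment data, then the shared password."""
    base = header[:16] + b"\x00\x00" + header[18:20]
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack(
        "!BBH", 0, socket.IPPROTO_TCP, len(header) + len(payload))
    return hashlib.md5(pseudo + base + payload + password).digest()


def sign_segment(src_ip, dst_ip, seq, ack, payload, password):
    """Sender: build a 40-byte TCP header (port 179 both ways) with option 19."""
    base = struct.pack("!HHIIHHHH", 179, 179, seq, ack, (10 << 12) | 0x18, 16384, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, base + MD5_OPT + bytes(16), payload, password)
    return base + MD5_OPT + digest + payload


def verify_segment(src_ip, dst_ip, segment, password):
    """Receiver: accept only if option 19 is present and its digest matches."""
    hdr_len = (segment[12] >> 4) * 4
    header, payload = segment[:hdr_len], segment[hdr_len:]
    opts, i = header[20:], 0
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the option list
        if opts[i] == 1:                       # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            return False                       # malformed option length
        if opts[i] == 19 and opts[i + 1] == 18:
            expected = tcp_md5_digest(src_ip, dst_ip, header, payload, password)
            return hmac.compare_digest(opts[i + 2:i + 18], expected)
        i += opts[i + 1]
    return False                               # unsigned segments are dropped


# Constructed sample: a BGP KEEPALIVE (16-byte marker, length 19, type 4)
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"
PEER_A, PEER_B = "192.0.2.1", "192.0.2.2"      # documentation addresses
SEGMENT = sign_segment(PEER_A, PEER_B, 1000, 2000, KEEPALIVE, b"example-secret")

if __name__ == "__main__":
    print(verify_segment(PEER_A, PEER_B, SEGMENT, b"example-secret"))  # True
    print(verify_segment(PEER_A, PEER_B, SEGMENT, b"other-secret"))    # False
```

Because the source address, the sequence and acknowledgment numbers and the payload are all covered by the digest, a segment that gets those fields right but was built without the shared password still fails verification.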
BGP uses TCP authentication, which enables the authentication option and sends the Message Authentication Code (MAC) based on the cryptographic algorithm configured for the keychain. Each routing protocol supports a different set of cryptographic algorithms; Border Gateway Protocol (BGP) supports only HMAC-MD5 and HMAC-SHA1-12.
In Cisco NX-OS, when neighbor authentication is configured, the BGP key is 3DES encrypted in the configuration. Cisco IOS Software requires the service password-encryption command to encrypt the password in the configuration.