nanog mailing list archives
Re: md5 for bgp tcp sessions
From: Joe Abley <jabley () isc org>
Date: Thu, 23 Jun 2005 10:52:35 -0400
On 2005-06-23, at 09:57, Eric Gauthier wrote:
likely need to make modifications to our IGP/EGP setup. Though we filterOSPF multicast traffic, we wanted to add in MD5 passwords to our neighbors.just a quick comment here. i would encourage you not to do that.Honestly, I completely agree with you that MD5'ing our OSPF adjacencies isn'ta great idea (I've so far stalled its roll-out).
Just in case it's not obvious to any onlookers here, Eric was talking about using MD5 authentication in OSPF adjacencies, and Todd is talking about using the TCP MD5 signature option (RFC2385) between BGP peers.
They are two different things (although they both involve routing protocols and the MD5 algorithm): not all arguments for or against one will apply to the other.
Joe
Current thread:
- md5 for bgp tcp sessions Todd Underwood (Jun 22)
- Re: md5 for bgp tcp sessions Richard A Steenbergen (Jun 22)
- Re: md5 for bgp tcp sessions Patrick W. Gilmore (Jun 22)
- Re: md5 for bgp tcp sessions Todd Underwood (Jun 23)
- Re: md5 for bgp tcp sessions Jared Mauch (Jun 23)
- Re: md5 for bgp tcp sessions Richard A Steenbergen (Jun 23)
- Re: md5 for bgp tcp sessions Eric Gauthier (Jun 23)
- Re: md5 for bgp tcp sessions Joe Abley (Jun 23)
- Re: md5 for bgp tcp sessions Robert E . Seastrom (Jun 23)
- <Possible follow-ups>
- RE: md5 for bgp tcp sessions Barry Greene (bgreene) (Jun 23)
- RE: md5 for bgp tcp sessions Hannigan, Martin (Jun 23)
- Re: md5 for bgp tcp sessions Todd Underwood (Jun 23)
- Re: md5 for bgp tcp sessions Jared Mauch (Jun 23)
- Re: md5 for bgp tcp sessions Todd Underwood (Jun 23)
- Re: md5 for bgp tcp sessions Richard A Steenbergen (Jun 22)