nanog mailing list archives
Re: IGP protocol
From: Mark Tinka <mark.tinka () seacom mu>
Date: Sun, 18 Nov 2018 17:38:09 +0200
On 18/Nov/18 13:13, Nick Hilliard wrote:
one of the few uses for tcp/md5 protection on bgp sessions can be found at IXPs where if you have an participant leaving the fabric, there will often be leftover bgp sessions configured on other routers on the exchange. Pre-configuring MD5 on BGP sessions will ensure that these cannot be used to spoof connectivity to the old network.
Except that exchange point members are notorious for not liking session MD5 protection in the interest of keeping deployment simple. We made it mandatory for peers 6 years ago. We had to loosen our stance a year later :-). Mark.
Current thread:
- Re: IGP protocol, (continued)
- Re: IGP protocol Baldur Norddahl (Nov 14)
- SV: IGP protocol Gustav Ulander (Nov 14)
- Re: IGP protocol James Bensley (Nov 15)
- Re: IGP protocol Alain Hebert (Nov 13)
- Re: IGP protocol Saku Ytti (Nov 13)
- Re: IGP protocol Mark Tinka (Nov 18)
- Re: IGP protocol Saku Ytti (Nov 18)
- Re: IGP protocol Alfie Pates (Nov 18)
- Re: IGP protocol Saku Ytti (Nov 18)
- Re: IGP protocol Nick Hilliard (Nov 18)
- Re: IGP protocol Mark Tinka (Nov 18)
- Re: IGP protocol Grant Taylor via NANOG (Nov 18)
- Re: IGP protocol Saku Ytti (Nov 18)
- Re: IGP protocol Mark Tinka (Nov 18)
- Re: IGP protocol Saku Ytti (Nov 18)
- Re: IGP protocol Mark Tinka (Nov 19)
- Re: IGP protocol Mark Tinka (Nov 18)
- Re: IGP protocol Jay Nugent (Nov 16)