nanog mailing list archives
Re: Internet failures over the next 3 years
From: Alex Bligh <amb () gxn net>
Date: Wed, 23 Jun 1999 00:10:53 +0200
- Critical Internet control software and systemsI am not a router vendor, but it seems that adding some sort of auth key to BGP (similar to the auth system of OSPF) wouldn't be all that difficult. You could specify a key for each peer.
In the spirit of Randy Bush: mae-east1#conf t mae-east1(config)#router bgp nnnn mae-east1(config-router)#neighb 1.1.1.1 pass ? <0-7> Encryption type (0 to disable encryption, 7 for proprietary) LINE The password The issue is not how you authenticate an individual neighbor, but how you differentially authenticate the data sent from that peer. That authentication can be deployed manually (we trust that peer entirely so won't filter them down to we require manual prefix-list updates from that peer), but it is difficult to do manually. IRR based filtering has well known problems. There have been a number of suggestions for in-band (i.e. within BGP or at least within router) authentication. I have not yet seen one with no disadvantages. This is not a dissimilar problem to the Usenet2 authenticated news issue - it's not generally the direct peer that's the problem, it's some of the articles/routes they receive indirectly, and mistakenly trust. -- Alex Bligh GX Networks (formerly Xara Networks)
Current thread:
- Internet failures over the next 3 years Sean Donelan (Jun 21)
- Re: Internet failures over the next 3 years Tim Wolfe (Jun 22)
- Re: Internet failures over the next 3 years - slight tangent Andrew Lange (Jun 22)
- Re: Internet failures over the next 3 years - slight tangent Tony Li (Jun 22)
- Re: Internet failures over the next 3 years Alex Bligh (Jun 22)
- Re: Internet failures over the next 3 years Jeremy Porter (Jun 22)
- Re: Internet failures over the next 3 years Tony Li (Jun 22)
- Re: Internet failures over the next 3 years Deepak Jain (Jun 22)
- Re: Internet failures over the next 3 years - slight tangent Andrew Lange (Jun 22)
- <Possible follow-ups>
- Re: Internet failures over the next 3 years Sean Donelan (Jun 26)
- Re: Internet failures over the next 3 years Tim Wolfe (Jun 22)