nanog mailing list archives

Re: IGP protocol


From: Mark Tinka <mark.tinka () seacom mu>
Date: Sun, 18 Nov 2018 17:38:09 +0200



On 18/Nov/18 13:13, Nick Hilliard wrote:

 

one of the few uses for tcp/md5 protection on bgp sessions can be
found at IXPs where if you have a participant leaving the fabric,
there will often be leftover bgp sessions configured on other routers
on the exchange.  Pre-configuring MD5 on BGP sessions will ensure that
these cannot be used to spoof connectivity to the old network.

Except that exchange point members are notorious for not liking session
MD5 protection in the interest of keeping deployment simple. We made it
mandatory for peers 6 years ago. We had to loosen our stance a year
later :-).

Mark.

