nanog mailing list archives

Re: IGP protocol

From: Saku Ytti <saku () ytti fi>
Date: Sun, 18 Nov 2018 21:24:22 +0200

On Sun, 18 Nov 2018 at 21:07, Grant Taylor via NANOG <nanog () nanog org> wrote:

Is it not possible to protect (just) the eBGP with IPsec?


Not on all gears SPs are deploying. But people doing this.

I would think that IPsec would provide the desired protection and that
tuning filters to the proper ports would reduce the overhead that MACsec
might incur with all traffic being encrypted.


Correct and more important being control-plane only feature, it's
significantly cheaper.

Personally I do trust HMAC-MD5 to offer sufficient security today.

-- 
  ++ytti

Current thread:

Re: IGP protocol, (continued)
- - - Re: IGP protocol James Bensley (Nov 15)
  - Re: IGP protocol Alain Hebert (Nov 13)
    - Re: IGP protocol Saku Ytti (Nov 13)
    - Re: IGP protocol Mark Tinka (Nov 18)
    - Re: IGP protocol Saku Ytti (Nov 18)
    - Re: IGP protocol Alfie Pates (Nov 18)
    - Re: IGP protocol Saku Ytti (Nov 18)
    - Re: IGP protocol Nick Hilliard (Nov 18)
    - Re: IGP protocol Mark Tinka (Nov 18)
    - Re: IGP protocol Grant Taylor via NANOG (Nov 18)
    - Re: IGP protocol Saku Ytti (Nov 18)
    - Re: IGP protocol Mark Tinka (Nov 18)
    - Re: IGP protocol Saku Ytti (Nov 18)
    - Re: IGP protocol Mark Tinka (Nov 19)
- Re: IGP protocol im (Nov 14)
  - Re: IGP protocol Mark Tinka (Nov 18)
- Re: IGP protocol Tashi Phuntsho (Nov 14)
- Re: IGP protocol Randy Bush (Nov 16)
  - Re: IGP protocol Jay Nugent (Nov 16)
    - Re: IGP protocol Matt Erculiani (Nov 16)
    - Re: IGP protocol Job Snijders (Nov 16)

(Thread continues...)