route authentication

Joshua Wright Joshua.Wright at jwu.edu
Tue Jun 4 14:35:40 UTC 2002


I am encouraging my local ISP/consortium (www.oshean.org) to utilize MD5
auth for BGP, but have been unsuccessful so far.  The most difficult
challenge I face there is convincing people of the "need" with the lack of a
published exploit that the MD5 authentication would prevent.

So much for best practices. <sigh>

-Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wright at jwu.edu 

pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73

> -----Original Message-----
> From: Barbara Fraser [mailto:byfraser at cisco.com]
> Sent: Monday, June 03, 2002 7:48 PM
> To: nanog at merit.edu
> Subject: route authentication
> 
> 
> 
> I'm wondering just how many ISPs are using HMAC-MD5 to 
> authenticate IS-IS 
> route advertisements within their ASs,  or MD5 on BGP peering 
> sessions? I 
> don't need a real number, just a sense of the community. Is usage 
> increasing? is it dead? is it regional? etc. Any anecdotal 
> info you have is 
> appreciated. I don't need names of ISPs, just whether or not these 
> technologies are being used.
> 
> thanks,
> Barbara
> Barbara Fraser
> Consulting Engineer
> Cisco Systems, Inc.
> Phone: +1 (408) 525-1735
> 



More information about the NANOG mailing list