key change for TCP-MD5
Richard A Steenbergen
ras at e-gerbil.net
Sat Jun 24 16:08:44 UTC 2006
On Sat, Jun 24, 2006 at 02:51:57AM -0700, Barry Greene (bgreene) wrote:
>
> At the same time, you are not going to find the SP core swapping out
> their equipment for hardware with crypto chips. SPs do not seem to want
> to pay for this sort of addition. So even new equipment is not getting
> hardware crypto that can be used.
As with everything else, it needs to actually add useful features that
makes a SP's life easier, not just be another vector for an extra line
item and a higher total on the router invoice.
> So a BGP IPSEC option has to work with what hardware we've got deployed
> today - not wishing the community would "just upgrade."
SPs don't see any tangile benefit in BGP IPSEC (and legitimately so), so
this will clearly not be a driving factor for them. I guarantee you if you
solve a real problem (like say authenticating and managing authorized
prefix announcements) and make it faster/better because the router has
hardware crypto available, folks will actually start buying new RPs/etc.
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the NANOG
mailing list