MD5?

Christopher Morrow morrowc.lists at gmail.com
Fri Jan 27 19:59:43 UTC 2012


On Fri, Jan 27, 2012 at 2:51 PM, Seth Mattinen <sethm at rollernet.us> wrote:
> On 1/27/12 11:26 AM, Brian Stengel wrote:
>> We have a potential customer that is asking for us to enable MD5
>> authentication on a TCP connection between two BGP peers?  Is this still
>> common practice today?  Any potential problems or gotchas to keep in mind?
>>
>
> Sprint requires it to enable remote triggered blackhole.

lots of folks still use it, yes. is it helpful? maybe? maybe not? is
this peering over a shared media (like a 10base-T hub)?

You might point out that you'll be enabling this, then promptly
writing the 'secret' on a large whiteboard in your NOC... because
chances are the config won't include it in rancid and ... you don't
have a place to store these securely that's not prone also to outages
:(

also, customers wander through your NOC, so...



