IGP protocol
Saku Ytti
saku at ytti.fi
Sun Nov 18 19:24:22 UTC 2018
On Sun, 18 Nov 2018 at 21:07, Grant Taylor via NANOG <nanog at nanog.org> wrote:
> Is it not possible to protect (just) the eBGP with IPsec?
Not on all gears SPs are deploying. But people doing this.
> I would think that IPsec would provide the desired protection and that
> tuning filters to the proper ports would reduce the overhead that MACsec
> might incur with all traffic being encrypted.
Correct and more important being control-plane only feature, it's
significantly cheaper.
Personally I do trust HMAC-MD5 to offer sufficient security today.
--
++ytti
More information about the NANOG
mailing list