IGP protocol

• Previous message (by thread): IGP protocol
• Next message (by thread): IGP protocol
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 18 Nov 2018 at 21:07, Grant Taylor via NANOG <nanog at nanog.org> wrote:

> Is it not possible to protect (just) the eBGP with IPsec?

Not on all gears SPs are deploying. But people doing this.

> I would think that IPsec would provide the desired protection and that
> tuning filters to the proper ports would reduce the overhead that MACsec
> might incur with all traffic being encrypted.

Correct and more important being control-plane only feature, it's
significantly cheaper.

Personally I do trust HMAC-MD5 to offer sufficient security today.

-- 
  ++ytti

• Previous message (by thread): IGP protocol
• Next message (by thread): IGP protocol
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]