IGP protocol

Nick Hilliard nick at foobar.org
Sun Nov 18 11:13:12 UTC 2018

Saku Ytti wrote on 18/11/2018 10:59:
> AFAIK there are no known attacks against HMAC-MD5. eBGP I don't care
> about. But for iBGP I consider this a problem:

one of the few uses for tcp/md5 protection on bgp sessions can be found 
at IXPs where if you have an participant leaving the fabric, there will 
often be leftover bgp sessions configured on other routers on the 
exchange.  Pre-configuring MD5 on BGP sessions will ensure that these 
cannot be used to spoof connectivity to the old network.


More information about the NANOG mailing list