IGP protocol

Mark Tinka mark.tinka at seacom.mu
Sun Nov 18 15:38:09 UTC 2018


On 18/Nov/18 13:13, Nick Hilliard wrote:

>  
>
> one of the few uses for tcp/md5 protection on bgp sessions can be
> found at IXPs where if you have an participant leaving the fabric,
> there will often be leftover bgp sessions configured on other routers
> on the exchange.  Pre-configuring MD5 on BGP sessions will ensure that
> these cannot be used to spoof connectivity to the old network.

Except that exchange point members are notorious for not liking session
MD5 protection in the interest of keeping deployment simple. We made it
mandatory for peers 6 years ago. We had to loosen our stance a year
later :-).

Mark.



More information about the NANOG mailing list