Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: route authentication

  • From: Sean Donelan
  • Date: Tue Jun 04 03:44:19 2002


On Mon, 3 Jun 2002, Barbara Fraser wrote:
> I'm wondering just how many ISPs are using HMAC-MD5 to authenticate IS-IS
> route advertisements within their ASs,  or MD5 on BGP peering sessions? I
> don't need a real number, just a sense of the community. Is usage
> increasing? is it dead? is it regional? etc. Any anecdotal info you have is
> appreciated. I don't need names of ISPs, just whether or not these
> technologies are being used.

Some ISPs are practically religious about using them, usually the result
of a single person at the ISP pushing it.  But for the most part it hasn't
really taken hold in the professional security consulting field. They are
still stuck on stuff like turning off classless (CIDR) IP routing and
source routing because the NSA said so.  My experience (before this
spring) was a handful of ISPs (single digits) regularly used MD5 on their
routers for BGP routing.  On a case by case basis you can get most ISPs
to setup MD5 on your particular BGP session, once you found the right
engineer.  But it was rarely included as part of the default
configuration, and therefor rarely done.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.