North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Winstar says there is no TCP/BGP vulnerability
- From: Patrick W.Gilmore
- Date: Wed Apr 21 11:14:15 2004
On Apr 21, 2004, at 10:38 AM, Jared Mauch wrote:
On Wed, Apr 21, 2004 at 10:19:10AM -0400, Patrick W.Gilmore wrote:
Yes, it generates more work to update the database,
but OTOH it provides the LIII engineer with a lot more to
troubleshoot
issues. Is it simply not worth the work at your scale?
Exactly.
And you do not have to be at 701's scale for this to not work.
We've not had these issues and have been using
bgp passwords/md5 for years. We do have a fancy configuration
managment system in place, whereby people put things into the
database first before they configure the router.
Sorry, in this particular post, we were (or at least I was) talking
about having prefix filters for all your peers. I know I've talked a
lot about MD5 lately, just thought it would be a nice change of
subject. :)
If you do prefix filter all your peers, that is impressive. Do you get
out of sync a lot? Does it help keep the network more stable? Or do
process problems make it worse than just max-prefixes on a peer?
--
TTFN,
patrick
|
