North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: key change for TCP-MD5
- From: Richard A Steenbergen
- Date: Sat Jun 24 12:10:06 2006
On Sat, Jun 24, 2006 at 02:51:57AM -0700, Barry Greene (bgreene) wrote:
> At the same time, you are not going to find the SP core swapping out
> their equipment for hardware with crypto chips. SPs do not seem to want
> to pay for this sort of addition. So even new equipment is not getting
> hardware crypto that can be used.
As with everything else, it needs to actually add useful features that
makes a SP's life easier, not just be another vector for an extra line
item and a higher total on the router invoice.
> So a BGP IPSEC option has to work with what hardware we've got deployed
> today - not wishing the community would "just upgrade."
SPs don't see any tangile benefit in BGP IPSEC (and legitimately so), so
this will clearly not be a driving factor for them. I guarantee you if you
solve a real problem (like say authenticating and managing authorized
prefix announcements) and make it faster/better because the router has
hardware crypto available, folks will actually start buying new RPs/etc.
Richard A Steenbergen <firstname.lastname@example.org> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)