North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: bgp protection
- From: Randy Bush
- Date: Tue Nov 06 17:54:46 2007
at the end of nanog, i sent two messages.
<http://www.merit.edu/mail.archives/nanog/msg03741.html> was a
minor side note re 204/4 , about which we can all really do nothing
for many years. it engendered the thread from hell.
<http://www.merit.edu/mail.archives/nanog/msg03735.html> was
regarding getting vendors to implement rfc 4808, about which we can
do something, and which i think would be rather useful in actual
operation of our networks. not a single comment ensued.
the key chunk of the latter is
> at nanog san jose, steve bellovin presented a simple proposal for bgp
> tcp/md5 re-keying. it is now rfc 4808 "Key Change Strategies for
> TCP-MD5." this allows us to install and/or roll keys without disturbing
> the bgp session. and it is trivial for vendors to implement and for
> operators to use.
>
> imiho, until it is easy for us to use ipsec, or some other wonderful
> universal solution, that we implement and deploy rfc 4808. it will
> solve 95% of our problem for the next five years while more
> sophisticated scheme(s) can be developed.
i again plead for folk to look at rfc 4808 and consider whacking
our vendors to implement.
randy
|
