[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MD5?

Subject: MD5?
From: morrowc.lists at gmail.com (Christopher Morrow)
Date: Fri, 27 Jan 2012 14:59:43 -0500
In-reply-to: <[email protected]>
References: <CABLLS=M6n9Sye_OVeXZ-1a+LCfQ9KBTRFpUpmbhhEY_j6HNXhA@mail.gmail.com> <[email protected]>

On Fri, Jan 27, 2012 at 2:51 PM, Seth Mattinen <sethm at rollernet.us> wrote:
> On 1/27/12 11:26 AM, Brian Stengel wrote:
>> We have a potential customer that is asking for us to enable MD5
>> authentication on a TCP connection between two BGP peers? ?Is this still
>> common practice today? ?Any potential problems or gotchas ?to keep in mind?
>>
>
> Sprint requires it to enable remote triggered blackhole.

lots of folks still use it yes. is it helpful? maybe? maybe not? is
this peering over a shared media (like a 10base-T hub).

You might point out that you'll be enabling this, then promptly
writing the 'secret' on a large whiteboard in your noc... because
chances are the config won't include it in rancid and ... you don't
have a place to store these securely that's not prone also to outages
:(

also, customers wander through your NOC, so...

Follow-Ups:
- MD5?
  - From: jlewis at lewis.org (Jon Lewis)

References:
- MD5?
  - From: bstengel at kinber.org (Brian Stengel)
- MD5?
  - From: sethm at rollernet.us (Seth Mattinen)

Prev by Date: MD5?
Next by Date: interim SIDR meeting at NANOG 54
Previous by thread: MD5?
Next by thread: MD5?
Index(es):
- Date
- Thread