[149044] in North American Network Operators' Group
Re: MD5?
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri Jan 27 15:00:33 2012
In-Reply-To: <4F230041.5020701@rollernet.us>
Date: Fri, 27 Jan 2012 14:59:43 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Seth Mattinen <sethm@rollernet.us>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Jan 27, 2012 at 2:51 PM, Seth Mattinen <sethm@rollernet.us> wrote:
> On 1/27/12 11:26 AM, Brian Stengel wrote:
>> We have a potential customer that is asking for us to enable MD5
>> authentication on a TCP connection between two BGP peers? =A0Is this sti=
ll
>> common practice today? =A0Any potential problems or gotchas =A0to keep i=
n mind?
>>
>
> Sprint requires it to enable remote triggered blackhole.
lots of folks still use it yes. is it helpful? maybe? maybe not? is
this peering over a shared media (like a 10base-T hub).
You might point out that you'll be enabling this, then promptly
writing the 'secret' on a large whiteboard in your noc... because
chances are the config won't include it in rancid and ... you don't
have a place to store these securely that's not prone also to outages
:(
also, customers wander through your NOC, so...
