[69358] in North American Network Operators' Group


Re: BGP TTL check in 12.3(7)T

daemon@ATHENA.MIT.EDU (vijay gill)
Thu Apr 8 10:42:19 2004

Date: Thu, 8 Apr 2004 14:41:29 +0000
From: vijay gill <vgill@vijaygill.com>
To: Hank Nussbacher <hank@att.net.il>
Cc: nanog@merit.edu
In-Reply-To: <5.1.0.14.2.20040408112953.00b0b618@max.att.net.il>
Errors-To: owner-nanog-outgoing@merit.edu


On Thu, Apr 08, 2004 at 11:30:38AM +0200, Hank Nussbacher wrote:
> 
> <http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/prod_bulletin09186a00801abfda.html#wp55584>
> 
> From Dave Meyer's NANOG 27 presentation:
> http://www.nanog.org/mtg-0302/hack.html
> 
> Not bad - Feb 2003 till April 2004 to code, test and implement a change 
> driven by NANOG :-)
> 
> Interesting that it is listed under the Routing enhancements and not under 
> the Security enhancements of 12.3(7)T.

The TTL mechanism is just a way to distinguish at low cost between
good for_us traffic and junk. So more of a classifier than a security
layer, though it can be argued both ways.  And even though it
does have security in the title, it is _not_ a panacea for "securing"
bgp or any routing information.

http://www.faqs.org/rfcs/rfc3682.html

/vijay
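
Added example, not part of the message above and not Cisco's code: a sketch of the RFC 3682 style TTL check acting as a cheap classifier for BGP (TCP port 179) packets. The peer table, addresses, function names and sample packets are constructed for illustration, and each peer's minimum TTL is given directly as an assumed configuration value.

```python
import socket
import struct

BGP_PORT = 179
# Constructed peer table: source address -> lowest TTL accepted on arrival.
# 255 means "must be directly connected"; 254 allows one intermediate hop.
PEER_MIN_TTL = {"192.0.2.1": 255, "198.51.100.7": 254}


def build_packet(src, dst, ttl, sport, dport):
    """Constructed sample: bare IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + tcp


def classify(packet):
    """Return 'for_us', 'junk' or 'other' using header fields only."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "junk"                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        return "junk"                      # bad header length, no TCP ports
    ttl, proto = packet[8], packet[9]
    if proto != 6:
        return "other"                     # not TCP, outside this check
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if BGP_PORT not in (sport, dport):
        return "other"                     # not BGP
    min_ttl = PEER_MIN_TTL.get(socket.inet_ntoa(packet[12:16]))
    if min_ttl is None or ttl < min_ttl:
        return "junk"                      # unknown peer or travelled too far
    # Passing means "arrived from within the expected hop distance", nothing
    # more: the payload and the sender's identity are not verified here.
    return "for_us"


if __name__ == "__main__":
    for src, ttl in (("192.0.2.1", 255), ("192.0.2.1", 247),
                     ("198.51.100.7", 254), ("203.0.113.50", 255)):
        pkt = build_packet(src, "203.0.113.9", ttl, 40000, BGP_PORT)
        print(f"{src:15} ttl={ttl:3} -> {classify(pkt)}")
```

The decision uses only a few fixed-offset header bytes and a table lookup, which is why it can run before any BGP or TCP state is touched.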
