[69958] in North American Network Operators' Group
RE: IP economics morphed into (TCP/RST)
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Thu Apr 22 11:55:49 2004
Date: Thu, 22 Apr 2004 16:55:13 +0100 (BST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Blaine Christian <blaine.christian@mci.com>
Cc: nanog@merit.edu
In-Reply-To: <000c01c4287b$5cfe3ab0$948d2799@mcilink.com>
Errors-To: owner-nanog-outgoing@merit.edu

On Thu, 22 Apr 2004, Blaine Christian wrote:
>
>
> > Can I use secondary IP addresses and then BGP with these addresses, this
> > would be a form of "security by obscurity" but providing you can keep the
> > info a secret that's surely going to do it?
>
> It will depend on your architecture in large part. In some cases there is
> absolutely no need to route the prefixes that you use for your BGP sessions
> beyond the devices doing BGP. This can reduce your exposure to MD5 related
> cpu churn etc...

Yes, but (1) it's difficult and (2) as these are external sessions I need to
ensure my peers are doing the same, as the chances are they won't and the chances
are the attack comes in externally then I'm still at risk.

Steve