[70001] in North American Network Operators' Group
Re: Juniper fails to change keys (More MD5 fun: Cisco uses wrong
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sat Apr 24 17:32:53 2004
Date: Sat, 24 Apr 2004 17:32:16 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: sthaug@nethelp.no
Cc: nanog@merit.edu
In-Reply-To: <61630.1082839618@bizet.nethelp.no>
Errors-To: owner-nanog-outgoing@merit.edu

On Sat, 24 Apr 2004 sthaug@nethelp.no wrote:
> But as long as the session *is* reset anyway, the current situation is
> extremely confusing - the log messages (on both Cisco and Juniper) give
> no indication that the invalid key in question is for an *old* BGP
> session, no longer active!

That's why I hope Juniper will fix their implementation not to reset
the session and to stop using an old key. Once the key is changed, all
new packets (including new packets for old sessions) should use the new
key, not the old key.

You think the bug is on Cisco's side, I think the bug is on Juniper's
side. Hence interoperability.
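
The key mismatch discussed in this thread, as an added example that is not part of the original message and is not either vendor's code: a minimal model of the TCP MD5 signature option (RFC 2385) in which a receiver holding the new key checks one segment signed with the old key and one signed with the new key. The keys, addresses, ports and the simplified option layout (MD5 option first, TCP checksum left at zero) are constructed assumptions.

```python
import hashlib
import hmac
import socket
import struct

OLD_KEY, NEW_KEY = b"constructed-old-key", b"constructed-new-key"  # constructed
SRC, DST = "192.0.2.1", "192.0.2.2"  # constructed documentation addresses

def tcp_md5_digest(src, dst, header, payload, key):
    """RFC 2385: MD5(pseudo-header | fixed TCP header, checksum=0 | data | key)."""
    fixed = bytearray(header[:20])            # TCP options are excluded
    fixed[16:18] = b"\x00\x00"                # checksum field treated as zero
    seg_len = (fixed[12] >> 4) * 4 + len(payload)  # full header + data
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, seg_len))
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()

def make_segment(src, dst, seq, payload, key):
    # 20-byte fixed header, data offset 10 words (20 bytes of options), PSH|ACK
    fixed = struct.pack("!HHIIBBHHH", 179, 40000, seq, 0, 10 << 4, 0x18,
                        65535, 0, 0)
    digest = tcp_md5_digest(src, dst, fixed, payload, key)
    # Option kind 19, length 18, 16-byte digest, padded with two NOPs
    return fixed + bytes([19, 18]) + digest + b"\x01\x01" + payload

def verify(src, dst, segment, key):
    """Receiver side: recompute the digest with the locally configured key."""
    hdr_len = (segment[12] >> 4) * 4
    header, payload = segment[:hdr_len], segment[hdr_len:]
    if header[20:22] != bytes([19, 18]):      # assumption: MD5 option comes first
        return False
    expected = tcp_md5_digest(src, dst, header, payload, key)
    return hmac.compare_digest(header[22:38], expected)

def demo():
    data = b"constructed payload"
    # Sender still signing an existing session's packets with the old key
    stale = make_segment(SRC, DST, 1000, data, OLD_KEY)
    # Sender signing every new packet with the currently configured key
    fresh = make_segment(SRC, DST, 1000, data, NEW_KEY)
    # Receiver has already switched to the new key
    return verify(SRC, DST, stale, NEW_KEY), verify(SRC, DST, fresh, NEW_KEY)

if __name__ == "__main__":
    print(demo())
```
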