[91014] in North American Network Operators' Group
Re: key change for TCP-MD5
daemon@ATHENA.MIT.EDU (Richard A Steenbergen)
Sat Jun 24 12:09:17 2006
Date: Sat, 24 Jun 2006 12:08:44 -0400
From: Richard A Steenbergen <ras@e-gerbil.net>
To: "Barry Greene (bgreene)" <bgreene@cisco.com>
Cc: Bora Akyol <bora@broadcom.com>, Valdis.Kletnieks@vt.edu,
Ross Callon <rcallon@juniper.net>, nanog@merit.edu
In-Reply-To: <C35ADD020AEBD04383C1F7F644227FDF01F45ACF@xmb-sjc-227.amer.cisco.com>
Errors-To: owner-nanog@merit.edu
On Sat, Jun 24, 2006 at 02:51:57AM -0700, Barry Greene (bgreene) wrote:
>
> At the same time, you are not going to find the SP core swapping out
> their equipment for hardware with crypto chips. SPs do not seem to want
> to pay for this sort of addition. So even new equipment is not getting
> hardware crypto that can be used.
As with everything else, it needs to actually add useful features that
makes a SP's life easier, not just be another vector for an extra line
item and a higher total on the router invoice.
> So a BGP IPSEC option has to work with what hardware we've got deployed
> today - not wishing the community would "just upgrade."
SPs don't see any tangile benefit in BGP IPSEC (and legitimately so), so
this will clearly not be a driving factor for them. I guarantee you if you
solve a real problem (like say authenticating and managing authorized
prefix announcements) and make it faster/better because the router has
hardware crypto available, folks will actually start buying new RPs/etc.
--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
