[91888] in North American Network Operators' Group
Re: GTSM - Do you use it?
daemon@ATHENA.MIT.EDU (Richard A Steenbergen)
Thu Aug 17 21:08:38 2006
Date: Thu, 17 Aug 2006 21:08:00 -0400
From: Richard A Steenbergen <ras@e-gerbil.net>
To: Merike Kaeo <kaeo@merike.com>
Cc: John Smith <jsmith4112003@yahoo.co.uk>,
Pekka Savola <pekkas@netcore.fi>, nanog@merit.edu
In-Reply-To: <4E668905-8F87-4E90-9209-EF13DD4BF3E5@merike.com>
Errors-To: owner-nanog@merit.edu

On Thu, Aug 17, 2006 at 05:14:57PM -0700, Merike Kaeo wrote:
>
> I don't think that's a fair assumption. A few providers I talked to
> for a security current practiced document I am writing said they were
> deploying it between BGP peers and I recently asked for more
> clarification from some individuals to ensure I had correct info with
> respect to vendors. There is some support in some J boxes and also
> support in C boxes. I didn't get specific detail how it was
> deployed, just that it was.

Juniper only supports GTSM on Gibson-based architectures (which is T640,
T320, M320, and M120 today). Cisco only supports GTSM in a meaningful way
on IOS XR on CRS-1. All IOS based platforms still check MD5 before TTL,
and only do TTL checks in software, making it worthless for anything other
than deploying it on sessions today and maybe making it do something
useful tomorrow. I think XR on GSR support is limited too, but nobody runs
that in production anyways. :)

And no, nobody seriously deploys GTSM today in any kind of scale. AFAIK no
other vendors support it yet either, so requiring it on sessions is a
non-starter.
--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
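
The ordering point in the message above, as an added example that is not
part of the original post: a simplified receive path that counts MD5
computations when the GTSM TTL check runs before or after signature
validation. The segment model, key and traffic mix are constructed, and the
digest is a stand-in for the TCP MD5 option, not its real input layout.

```python
import hashlib
import hmac
from dataclasses import dataclass

GTSM_MIN_TTL = 255  # directly connected peer: sent with TTL 255, no router decrements it

@dataclass
class Segment:
    ttl: int        # IP TTL as received
    payload: bytes
    digest: bytes   # simplified stand-in for the TCP MD5 signature option

def sign(payload: bytes, key: bytes) -> bytes:
    # Simplified: the real option also covers the pseudo-header and TCP header.
    return hashlib.md5(payload + key).digest()

def receive(segments, key, ttl_first):
    """Return (accepted, md5_computations) for a batch of received segments."""
    accepted = md5_ops = 0
    for seg in segments:
        if ttl_first and seg.ttl < GTSM_MIN_TTL:
            continue  # one integer compare, dropped before any hashing
        md5_ops += 1
        if not hmac.compare_digest(sign(seg.payload, key), seg.digest):
            continue
        if seg.ttl >= GTSM_MIN_TTL:  # MD5-first order: TTL checked last
            accepted += 1
    return accepted, md5_ops

def sample_traffic(key):
    """Constructed traffic: one real peer segment, one on-link forgery,
    and 1000 off-link forgeries that arrive with a decremented TTL."""
    real = Segment(255, b"KEEPALIVE", sign(b"KEEPALIVE", key))
    on_link = Segment(255, b"forged", b"\x00" * 16)
    off_link = [Segment(250, b"forged", b"\x00" * 16) for _ in range(1000)]
    return [real, on_link] + off_link

if __name__ == "__main__":
    key = b"constructed-session-key"
    traffic = sample_traffic(key)
    print("MD5 before TTL:", receive(traffic, key, ttl_first=False))
    print("TTL before MD5:", receive(traffic, key, ttl_first=True))
```

Both orders accept the same single segment; only the number of hashes the
control plane has to compute differs.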