- Previous message: Nathan Anderson/FSR: "AS 7018 BGP blackhole / AT&T contact sought"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Randy Bush (no email)
Date: Mon Nov 05 2007 - 18:52:07 EST
at the end of nanog, i sent two messages.
<http://www.merit.edu/mail.archives/nanog/msg03741.html> was a
minor side note re 204/4 , about which we can all really do nothing
for many years. it engendered the thread from hell.
<http://www.merit.edu/mail.archives/nanog/msg03735.html> was
regarding getting vendors to implement rfc 4808, about which we can
do something, and which i think would be rather useful in actual
operation of our networks. not a single comment ensued.
the key chunk of the latter is
> at nanog san jose, steve bellovin presented a simple proposal for bgp
> tcp/md5 re-keying. it is now rfc 4808 "Key Change Strategies for
> TCP-MD5." this allows us to install and/or roll keys without disturbing
> the bgp session. and it is trivial for vendors to implement and for
> operators to use.
>
> imiho, until it is easy for us to use ipsec, or some other wonderful
> universal solution, that we implement and deploy rfc 4808. it will
> solve 95% of our problem for the next five years while more
> sophisticated scheme(s) can be developed.
i again plead for folk to look at rfc 4808 and consider whacking
our vendors to implement.
randy
|
|
|