On Fri, Jan 27, 2012 at 3:32 PM, Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 27 Jan 2012, Christopher Morrow wrote:
lots of folks still use it yes. is it helpful? maybe? maybe not? is this peering over a shared media (like a 10base-T hub).
You might point out that you'll be enabling this, then promptly writing the 'secret' on a large whiteboard in your noc... because chances are the config won't include it in rancid and ... you don't have a place to store these securely that's not prone also to outages :(
also, customers wander through your NOC, so...
All that may be true, but still, the random hacker in Romania who wants in on their BGP session won't know the secret...probably.
1) that person doesn't exist 2) they need a LOT more info about what's going on anyway 3) I bet they will get a copy of the config from at least: a) vendor data sources b) ebay purchases of gear c) pwning a noc-worker and getting things done from there. There are far better ways to skin this cat.