22 Apr
2004
22 Apr
'04
11:55 a.m.
On Thu, 22 Apr 2004, Blaine Christian wrote:
Can I use secondary IP addresses and then BGP with these addresses, this would be a form of "security by obscurity" but providing you can keep the info a secret thats surely going to do it?
It will depend on your architecture in large part. In some cases there is absolutely no need to route the prefixes that you use for your BGP sessions beyond the devices doing BGP. This can reduce your exposure to MD5 related cpu churn etc...
Yes, but (1) its difficult and (2) as these are external sessions I need to ensure my peers are doing the same, as the chances are they wont and the chances are the attack comes in externally then I'm still at risk Steve