23 Jun
1999
23 Jun
'99
2:23 a.m.
There is already a option in the BGP OPEN message to add authentication on a BGP session. However, the RFC doesn't specify an authenitcation method to use. Of course securing the level 4 BGP session without securing the underlying TCP session is a weakness, so there is a proposal to implement an MD5 TCP authentication method. Does anyone know the status of this proposal?
Please see RFC 2385. There are multiple (interoperable) implementations. All you have to do is turn it on.... Tony