18 Nov
2018
18 Nov
'18
2:24 p.m.
On Sun, 18 Nov 2018 at 21:07, Grant Taylor via NANOG <nanog@nanog.org> wrote:
Is it not possible to protect (just) the eBGP with IPsec?
Not on all gears SPs are deploying. But people doing this.
I would think that IPsec would provide the desired protection and that tuning filters to the proper ports would reduce the overhead that MACsec might incur with all traffic being encrypted.
Correct and more important being control-plane only feature, it's significantly cheaper. Personally I do trust HMAC-MD5 to offer sufficient security today. -- ++ytti