Alex Bligh> Hmmm.. fragile world we live in.

Paul Ferguson> That's what BGP peer authentication is for. :-)

Ah. It's all one huge silliness.

There is a $0.02 fix for the "routing security" problem -- use a logically separate network for exchanging routing and network monitoring information. That solution will be 100 years old next afternoon.

Routing updates must _not_ be encapsulated in routable datagrams. That much, people who did GGP got right.

(That breaks iBGP hack, of course, but that hack is a horrible kludge anyway, brought to us by silly IGPs which have no provisions for preserving exterior route information. Somehow no meaningful IGP work is done to fix that. Instead everybody is playing EiTeeEem and ReeSeeVeePeee and other kinds of cluelessness.)

It does not make any sense to use any other authentication but the fact that there's a physical connection between boxes. If somebody can hack _that_, he can do so many other nasty things that routing security is hardly relevant.

Internet is in a desperate need of sanity. The latest IETF convinced me there's not going to be any any time soon.

It's a scary world we live in.

--vadim