On Apr 21, 2004, at 12:51 AM, Michel Py wrote:
b) A specific-to-the-peer route-map to filter the routes I receive from the peer to the peer's blocks, as agreed in the beer drinking meeting ^H^H^H^H BLPA. This route map is not entirely specific, as I also put in stuff such as deny RFC1918 routes ;-)
No medium or large network filters their peers on prefix. And very few small networks do either. Prefix count, maybe, but not individual prefixes. There are far too many changes on far too many peers per day to keep up. Not to mention far, far, far too many chances to screw up and get the dreaded phone call in the middle of the night.
Now, the dumb question: Given: 1) The context above especially item b
Since item b) is no longer given, your question is invalid.
2) Christopher Morrow's comments below Explain me what having or not having the MD5 password changes. Either you're small and/or stupid and do it manually, or you have an automated system that does it for you.
Christopher L. Morrow wrote: there is the issue of changing the keys during operations without impacting the network, eh? Having to bounce every bgp session in your network can be pretty darned painful... if you change the key(s) of course.
See above: Changing the route-map is equally painful.
See above: Networks do not filter as per item b). Since that is "equally painful", I guess they should not change the route-map or MD5 password either. Hrmmmm, someone is again proving my point for me....
If you don't you might as well not have keys, since adding the 3 lines of C code required to Paul Watsons' program making it do the hashing certainly won't be a big deal, eh?
I'm weak with C. Besides adding "neighbor x.x.x.x password 7 " below "enable-password 7 " for each peer (which requires recompiling, how annoying) would you care sharing the 3 said lines for the code below :-)
I think you miss the point here. Or maybe I did. It's late, instead of possibly misinterpreting another person's post, I'll let Chris explain it himself. -- TTFN, patrick