On Fri, Jan 27, 2012 at 2:51 PM, Seth Mattinen <sethm@rollernet.us> wrote:
On 1/27/12 11:26 AM, Brian Stengel wrote:
We have a potential customer that is asking for us to enable MD5 authentication on a TCP connection between two BGP peers? Is this still common practice today? Any potential problems or gotchas to keep in mind?
Sprint requires it to enable remote triggered blackhole.
lots of folks still use it yes. is it helpful? maybe? maybe not? is this peering over a shared media (like a 10base-T hub). You might point out that you'll be enabling this, then promptly writing the 'secret' on a large whiteboard in your noc... because chances are the config won't include it in rancid and ... you don't have a place to store these securely that's not prone also to outages :( also, customers wander through your NOC, so...