It's a kind of useless thing. If you allow spoofing, you are vulnerable to DoS attacks against BGP; if you do not, there is no need to use MD5 for BGP.
Actually, I can think of more than a few configurations where this isn't true. For example, shared-media exchange points where multiple networks reside on a single segment and eBGP peer using the address of the segment. The IP network number is associated only with the interface, there's no individual hardware/IP address relationship relative to anti-spoofing here.
And DoS attacks are the reality, not BGP spoofing (maybe you know of any such case? I do not know of any).
Agreed, its purpose is more so to protect against DoS type stuff at the TCP layer.
For IS-IS and OSPF, it is just another matter. They work over the LAN, and customers and internal users are often plugged into this network. So authentication is necessary to prevent both errors and intrusions (and the anti-error measures are much more important in such networks).
However, I think we'd both agree that a configuration such as this (IGP being enabled on customer facing interfaces) is ill-advised.
Just again, I know a lot of cases when an IGP was broken by error (someone installed a new server and turned OSPF on), but I do not know of any attacks of this kind (though I believe there are such cases for IGP protocols). Though, to defend against such attacks originating from the IGP, you need a lot of things to be used (no redirects, static ARP, etc. etc.).
Agreed. -danny
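The "DoS type stuff at the TCP layer" Danny refers to is what the TCP MD5 signature option (RFC 2385) addresses: every segment carries an MD5 digest over the pseudo-header, TCP header, data and a shared key, so a segment from a sender that does not hold the key fails verification and is dropped before it can tear down the session. The following is an added example, not code from the thread; the addresses, port numbers, payload and shared key are constructed for the demonstration.

```python
import hashlib
import hmac
import socket
import struct

# Constructed sample values (assumptions, not from the thread).
PEER_A = "192.0.2.1"
PEER_B = "192.0.2.2"
BGP_PORT = 179
SHARED_KEY = b"example-bgp-key"   # assumed secret configured on both routers

TCP_PROTO = 6
FLAG_ACK = 0x10
FLAG_RST = 0x04


def tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Build a 20-byte TCP header with no options and the checksum zeroed,
    which is the form RFC 2385 says the digest is computed over."""
    data_offset = 5 << 4   # five 32-bit words, no options
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flags, window, 0, 0)


def tcp_md5_digest(src_ip, dst_ip, header, payload, key):
    """RFC 2385 signature: MD5 over (1) the pseudo-header [src addr, dst addr,
    zero-padded protocol, segment length], (2) the TCP header without options
    and with checksum zero, (3) the segment data, (4) the shared key."""
    seg_len = len(header) + len(payload)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip), 0, TCP_PROTO, seg_len)
    md = hashlib.md5()
    md.update(pseudo)
    md.update(header)
    md.update(payload)
    md.update(key)
    return md.digest()


def verify_segment(src_ip, dst_ip, header, payload, digest, key):
    """Receiver-side check: recompute the digest with the locally configured
    key and compare in constant time. A mismatch means the segment is dropped."""
    expected = tcp_md5_digest(src_ip, dst_ip, header, payload, key)
    return hmac.compare_digest(expected, digest)


def demo():
    """Run three checks from PEER_B's point of view and return the outcomes."""
    # A constructed BGP-style payload: 16-byte marker, length 23, type 2 (UPDATE).
    payload = b"\xff" * 16 + struct.pack("!HB", 23, 2) + b"\x00" * 4
    hdr = tcp_header(BGP_PORT, 52000, 1000, 2000, FLAG_ACK)
    sig = tcp_md5_digest(PEER_A, PEER_B, hdr, payload, SHARED_KEY)
    genuine = verify_segment(PEER_A, PEER_B, hdr, payload, sig, SHARED_KEY)

    # A RST segment with PEER_A's addresses but signed with a key the third
    # party guessed: the receiver's key does not match, so it is rejected.
    rst = tcp_header(BGP_PORT, 52000, 1000, 2000, FLAG_RST)
    rst_sig = tcp_md5_digest(PEER_A, PEER_B, rst, b"", b"wrong-key")
    forged_rst = verify_segment(PEER_A, PEER_B, rst, b"", rst_sig, SHARED_KEY)

    # A genuine signature over a payload that was altered in transit.
    tampered = verify_segment(PEER_A, PEER_B, hdr, payload[:-1] + b"\x01",
                              sig, SHARED_KEY)
    return {"genuine": genuine, "forged_rst": forged_rst, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

Note that the option does nothing about reachability of TCP/179 itself: a flood of unsigned segments still has to be received and hashed before it is discarded, which is the residual DoS the earlier point in the thread is about.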
Danny McPherson