[nsp] MD5 causes bigger problem than it fixes?
Niels Bakker
niels=cisco-nsp at bakker.net
Wed Apr 21 18:57:50 EDT 2004
* rubens at email.com (Rubens Kuhl Jr.) [Thu 22 Apr 2004, 00:25 CEST]:
>>>> is there a solution to protect against this issue?
>>> BGP-over-IPSEC ?
>> Same CPU issue as MD5, is it not? For directly connected sessions
>> there's the TTL hack (if Juniper implements it soon too, at least).
> Maybe, maybe not. Needs real testing as well, with both CPU-based
> routers (7200) and routing-engines (GSR GRP, Juniper RE).
As shown in a recent thread on juniper-nsp, IPsec processing for BGP is
done on the routing engine as well and not on an IPsec Service Module
PIC, so not much difference with a complete software router when it
comes to CPU usage. But yes, I'd like to see test results too :)
-- Niels.