[nsp] MD5 causes bigger problem than it fixes?

Niels Bakker niels=cisco-nsp at bakker.net
Wed Apr 21 18:57:50 EDT 2004


* rubens at email.com (Rubens Kuhl Jr.) [Thu 22 Apr 2004, 00:25 CEST]:
>>>> is there a solution to protect against this issue?
>>> BGP-over-IPSEC ?
>> Same CPU issue as MD5, is it not?  For directly connected sessions
>> there's the TTL hack (if Juniper implements it soon too, at least).
> Maybe, maybe not. Needs real testing as well, with both CPU-based
> routers (7200) and routing-engines (GSR GRP, Juniper RE).

As shown in a recent thread on juniper-nsp, IPsec processing for BGP is
done on the routing engine as well and not on an IPsec Service Module
PIC, so not much difference with a complete software router when it
comes to CPU usage.  But yes, I'd like to see test results too :)


	-- Niels.
