[nsp] bgp vulnerability?
Dmitry Volkov
dmitry.volkov at rogers.com
Thu Apr 22 12:45:32 EDT 2004
Jared,
Sorry, maybe silly question:
What do You mean by "You can run your iBGP in a vrf already" ? -
to put all Internet RT in VRF ?? Is anyone actually doing this ?
Thanks,
Dmitry
> -----Original Message-----
> From: Jared Mauch [mailto:jared at puck.nether.net]
> Sent: Tuesday, April 20, 2004 5:08 PM
> To: Gert Doering
> Cc: Dmitry Volkov; 'Steve Francis'; cisco-nsp at puck.nether.net; 'Don
> Bowman'
> Subject: Re: [nsp] bgp vulnerability?
>
>
> On Tue, Apr 20, 2004 at 11:00:30PM +0200, Gert Doering wrote:
> > Hi,
> >
> > On Tue, Apr 20, 2004 at 04:55:57PM -0400, Dmitry Volkov wrote:
> > > Well I was not asking about operational workarounds -
> like MD5 And RFC 2827,
> > > etc but rather about vendor's fixes like Checkpoint, IIJ,
> I'm sure cisco
> > > will come up soon...
> >
> > A *real* vendor fix would be to completely decouple the
> control plane
> > from the forwarding plane.
>
> You can run your iBGP in a vrf already, I assume you've
> at least taken this level of securing your devices based on your
> above statement :)
>
> - jared
>
> --
> Jared Mauch | pgp key available via finger from jared at puck.nether.net
> clue++; | http://puck.nether.net/~jared/ My statements
> are only mine.
More information about the cisco-nsp
mailing list