[nsp] bgp vulnerability?

Dmitry Volkov dmitry.volkov at rogers.com
Thu Apr 22 12:45:32 EDT 2004


Jared,

Sorry, maybe silly question:
What do You mean by "You can run your iBGP in a vrf already" ? -
to put all Internet RT in VRF ?? Is anyone actually doing this ?

Thanks,
Dmitry

> -----Original Message-----
> From: Jared Mauch [mailto:jared at puck.nether.net]
> Sent: Tuesday, April 20, 2004 5:08 PM
> To: Gert Doering
> Cc: Dmitry Volkov; 'Steve Francis'; cisco-nsp at puck.nether.net; 'Don
> Bowman'
> Subject: Re: [nsp] bgp vulnerability?
> 
> 
> On Tue, Apr 20, 2004 at 11:00:30PM +0200, Gert Doering wrote:
> > Hi,
> > 
> > On Tue, Apr 20, 2004 at 04:55:57PM -0400, Dmitry Volkov wrote:
> > > Well I was not asking about operational workarounds - 
> like MD5 And RFC 2827,
> > > etc but rather about vendor's fixes like Checkpoint, IIJ, 
> I'm sure cisco
> > > will come up soon...
> > 
> > A *real* vendor fix would be to completely decouple the 
> control plane
> > from the forwarding plane.
> 
> 	You can run your iBGP in a vrf already, I assume you've
> at least taken this level of securing your devices based on your
> above statement :)
> 
> 	- jared
> 
> -- 
> Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> clue++;      | http://puck.nether.net/~jared/  My statements 
> are only mine.


More information about the cisco-nsp mailing list