[nsp] MD5 causes bigger problem than it fixes?

David J. Hughes bambi at Hughes.com.au
Fri Apr 23 00:30:50 EDT 2004


> Security through obscurity seems like it might do the trick.
> 
> Lane Patterson's post to NANOG presents an idea.  Put secondary
> addresses on interfaces across which you are doing BGP.  Peer using
> the secondary addresses.
> 
> ...
>
> Hrmm... how many outages will that cause due to increased 
> configuration
> complexity?  How many backbone carriers will agree to do this?
> Further research is left as an exercise for the reader...


You could just configure the peer to use your router's loopback address
and have your upstream static the loopback via the connected interface
address.  The peer session doesn't need to be obscured at both ends to
make this work - one end will do just fine.  The upstream will also have
to flag it as "ebgp multihop 2" as it's no longer directly connected.


Bambi
...
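
The setup described in the message above, as an added Cisco IOS configuration sketch that is not part of the original post. All addresses, AS numbers and interface names are constructed placeholders (documentation ranges), and both routers are shown in one block for comparison.

```cisco
! --- Customer router (AS 64500, constructed) ---
! The link address is 192.0.2.2/30, but BGP is sourced from the loopback,
! so the address the session terminates on is not the link address.
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
!
interface Serial0/0
 ip address 192.0.2.2 255.255.255.252
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 update-source Loopback0
 ! The post only calls for multihop on the upstream side. Whether this
 ! side also needs it depends on the platform (assumption, verify on yours).
!
! --- Upstream router (AS 64501, constructed) ---
interface Serial1/0
 ip address 192.0.2.1 255.255.255.252
!
! Static route to the customer's loopback via the connected interface address
ip route 198.51.100.1 255.255.255.255 192.0.2.2
!
router bgp 64501
 neighbor 198.51.100.1 remote-as 64500
 ! The peer address is no longer directly connected, so allow 2 hops
 neighbor 198.51.100.1 ebgp-multihop 2
```

The loopback /32 has to stay out of anything advertised to other parties, since the approach relies on outsiders not knowing the session address.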




More information about the cisco-nsp mailing list