[j-nsp] Q. Is anyone deploying TCP Authentication Option (TCP-AO) on their BGP peering Sessions?
Andrew Gallo
akg1330 at gmail.com
Wed Sep 27 11:14:06 EDT 2023
I only know of one production eBGP deployment (prove me wrong!)
https://labs.ripe.net/author/andrew-gallo/production-deployment-of-tcp-authentication-option/
Happens to be between two routers that I control (but it's still eBGP)
I'd love to hear about more deployments
There is a github repo with some interop results and config examples
https://github.com/TCP-AO/
Please share your experiences
On 9/27/2023 10:56 AM, Michael Hare via juniper-nsp wrote:
> FWIW, I deployed it for iBGP on MX gear in 20.4 with no concerns for an ASN I manage. No issues in our lab with a mix of 20.4, 21.2 and 22.4, all classic JunOS. I haven't tried it any other scenario.
>
> -Michael
>
>> -----Original Message-----
>> From: juniper-nsp <juniper-nsp-bounces at puck.nether.net> On Behalf Of Barry
>> Greene via juniper-nsp
>> Sent: Tuesday, September 26, 2023 7:50 PM
>> To: juniper-nsp at puck.nether.net
>> Subject: [j-nsp] Q. Is anyone deploying TCP Authentication Option (TCP-AO) on
>> their BGP peering Sessions?
>>
>> Hi Team,
>>
>> Q. Is anyone deploying TCP Authentication Option (TCP-AO) on their BGP
>> peering Sessions?
>>
>> I’m not touching routers right now. I’m wondering if anyone has deployed,
>> your experiences, and thoughts?
>>
>> This is suppose to be the “replacement” for BGP MD5, ‘but’ I’m hearing …..
>>
>> 1. The Vendors are not supporting yet. Which means a lot of older systems
>> would not be able to support a BGP session with TCP-AO.
>> 2. People have to tried is operationally.
>>
>> Sharing you thoughts would be helpful …...
>>
>> Thanks,
>>
>> Barry
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20230927/56325b8a/attachment.sig>
More information about the juniper-nsp
mailing list