On Sep 15, 2012, at 7:58 PM, Nick Hilliard wrote:

> The general advice is still to use copp or acls to deprioritise unknown bgp
> traffic. Gtsm can help in some situations, particularly at Ixps. Otherwise
> md5 is a matter of choice. Some people like it; others don't.

Concur. There are no recorded instances of MD5 keying contributing to a DoS in the wild, AFAIK. And of course if you use iACLs, CoPP, GTSM, you therefore keep unwanted traffic off your session in the first place.

MD5 keying is useful as a safeguard to make folks really think before they bring up new peers. Sort of a last-ditch, "Are you *really* sure you want to do this, have you done everything else necessary to secure and protect this new routing relationship?"

-----------------------------------------------------------------------
Roland Dobbins <[email protected]> // <http://www.arbornetworks.com>

Luck is the residue of opportunity and design.

-- John Milton
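
The following Cisco IOS configuration is an added example, not part of the original thread or written by either poster. It combines the mechanisms named above: CoPP that deprioritises BGP traffic from unknown sources, GTSM on a directly connected eBGP peer, and optional MD5 keying. The AS numbers, peer address, ACL and policy names, policing rates and key are constructed placeholders.

```ios
! Constructed values: local AS 64500, peer 192.0.2.1 in AS 64501 (documentation ranges).
!
! TCP/179 to or from the configured peer. Either side may open the session,
! so both directions are matched.
ip access-list extended COPP-BGP-KNOWN
 permit tcp host 192.0.2.1 any eq bgp
 permit tcp host 192.0.2.1 eq bgp any
!
! Any other TCP/179 traffic reaching the control plane.
ip access-list extended COPP-BGP-UNKNOWN
 permit tcp any any eq bgp
 permit tcp any eq bgp any
!
class-map match-all COPP-BGP-KNOWN
 match access-group name COPP-BGP-KNOWN
class-map match-all COPP-BGP-UNKNOWN
 match access-group name COPP-BGP-UNKNOWN
!
! Class order matters: the configured peer is matched first, so the tight
! policer below only ever sees BGP packets from sources that are not peers.
policy-map COPP
 class COPP-BGP-KNOWN
  police 512000 conform-action transmit exceed-action transmit
 class COPP-BGP-UNKNOWN
  police 8000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 ! GTSM: accept only packets arriving with TTL >= 254, i.e. at most one hop away.
 neighbor 192.0.2.1 ttl-security hops 1
 ! Optional MD5 keying; the key shown is a placeholder.
 neighbor 192.0.2.1 password EXAMPLE-KEY-PLACEHOLDER
```

GTSM only helps if both ends send with TTL 255, so it has to be agreed with the peer, and `ttl-security` cannot be combined with `ebgp-multihop` on the same neighbor.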
