Hi, On Fri, Dec 07, 2018 at 05:03:03PM -0600, Nico Williams wrote: > What I meant is that I don't understand why resetting a connection > should still cause routes to flap. Instead I'd expect session > management negotiation to determine whether the thing that failed (e.g., > a BGP daemon) implies that the routes are gone or not. Then RST > injection would not be a problem. You'd still need integrity > protection, but then that could always have been done with TLS.
We do have BGP graceful restart. Which just causes a bit of CPU load
on both ends while they walk multiple millions of VPNv4 routes to
reestablish common state.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
signature.asc
Description: PGP signature
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
