Mailing List Archive

Q. Is anyone deploying TCP Authentication Option (TCP-AO) on their BGP peering Sessions?
Hi Team,

Q. Is anyone deploying TCP Authentication Option (TCP-AO) on their BGP peering Sessions?

I’m not touching routers right now. I’m wondering if anyone has deployed, your experiences, and thoughts?

This is supposed to be the “replacement” for BGP MD5, ‘but’ I’m hearing …..

1. The Vendors are not supporting it yet. Which means a lot of older systems would not be able to support a BGP session with TCP-AO.
2. People have to tried it operationally.

Sharing your thoughts would be helpful …...

Thanks,

Barry
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Q. Is anyone deploying TCP Authentication Option (TCP-AO) on their BGP peering Sessions?
Hi,

On Wed, Sep 27, 2023 at 08:48:44AM +0800, Barry Greene via cisco-nsp wrote:
> Q. Is anyone deploying TCP Authentication Option (TCP-AO) on their BGP peering Sessions?

Not me. Not sure if my vendors do support it (IOS XR and Arista EOS),
but I do not see significant benefit.

TBH, most of our (non-multihop) eBGP sessions do not even deploy MD5, as
the whole password management thing adds another source of operational
friction.

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany gert@greenie.muc.de