Alex,

It's clever that bgp process is able to establish IPSec tunnel itself.
Something good to be included in the RFC I guess :)

Thanks
Thedin

Sent from Thedin's IPhone

On 25/06/2011, at 5:43 AM, "Alex" <alex.arsen...@gmail.com> wrote:

> If you ever need multihop eBGP again, and are still worrying about
> security/hijacking/packet modification/code injection there is a JUNOS
> feature called "BGP IPSec protection" which establishes transport IPSec SA
> between 2 Juniper boxes for explicit purpose of encrypting BGP packets.
> You don't need a Service PIC for this to work, it is done in RE
> http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-routing/routing-using-ipsec-to-protect-bgp-traffic.html
> Rgds
> Alex
>
> ----- Original Message -----
> From: "Mike Williams" <mike.willi...@comodo.com>
> To: <juniper-nsp@puck.nether.net>
> Sent: Friday, June 24, 2011 6:20 PM
> Subject: Re: [j-nsp] How does multihop eBGP work?
>
>> On Friday 24 June 2011 17:49:28 Patrick Okui wrote:
>>> BGP only populates your idea of the next hop towards your destination.
>>> Once your packets leave your network to the intermediary autonomous
>>> systems they forward the packets based on their idea of the best next hop.
>>>
>>> Short of some combination of tunnelling &/or encryption there's no real
>>> way for you to control/verify what happened to the packets in transit.
>>
>> Thanks to all who replied.
>>
>> I was sort of hoping there would be a magical auto-encapsulation feature that
>> nobody ever spoke about.
>>
>> We've solved our original problem in a neatly elegant way, without multi-hop
>> ebgp.
>>
>> --
>> Mike Williams
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp