[Warning: vendor anecdata follows] In bgp-land where we're a primary motivator, but only a client of tcp-ao, we've seen a few minor bugs from the field primarily dealing with keychain configuration or rollover issues in the last few years. Basically enough activity to suggest people are minimally playing with it, to possibly deploying it. The folk in JTAC would be able to tell us more by mining configs, but for good reasons they don't want us poking through customer configs too arbitrarily. In terms of my experience for "bug activity as a proxy for deployment", I'd guess we're still moving in early stages, but it's happening.
The fact that tcp-ao support in linux is becoming more pervasive will likely help us close some gaps and likely provide better support for vendors that use that as their underlying OS. One note to keep in mind in terms of roll-out is implementations with NSR support have to do rather unpleasant things to TCP stacks in order to implement an already tricky feature. This is one of the reasons why deployment across vendors is slow. -- Jeff On 9/27/23, 1:35 AM, "juniper-nsp on behalf of Saku Ytti via juniper-nsp" <juniper-nsp-boun...@puck.nether.net <mailto:juniper-nsp-boun...@puck.nether.net> on behalf of juniper-nsp@puck.nether.net <mailto:juniper-nsp@puck.nether.net>> wrote: [External Email. Be cautious of content] Juniper Business Use Only On Wed, 27 Sept 2023 at 03:50, Barry Greene via juniper-nsp <juniper-nsp@puck.nether.net <mailto:juniper-nsp@puck.nether.net>> wrote: > Q. Is anyone deploying TCP Authentication Option (TCP-AO) on their BGP > peering Sessions? > > I’m not touching routers right now. I’m wondering if anyone has deployed, > your experiences, and thoughts? For the longest time (like close to decade) no one supported it at all, not even Juniper, because Juniper implementation was pre-RFC which was incompatible with RFC. To my understanding today there is support in Junos, IOS-XE, IOS-XR, SROS, EOS and VRP. I have no operational experience to share. -- ++ytti _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net <mailto:juniper-nsp@puck.nether.net> https://urldefense.com/v3/__https://puck.nether.net/mailman/listinfo/juniper-nsp__;!!NEt6yMaO-gk!D7sD_mpaj-TIBufn4Z23joLPE5sAOkFNYOp61NWZUc66Runi5hGMtg5vhM1F-mCgYZyo2cZQFupyvEgQgWODqps$ <https://urldefense.com/v3/__https://puck.nether.net/mailman/listinfo/juniper-nsp__;!!NEt6yMaO-gk!D7sD_mpaj-TIBufn4Z23joLPE5sAOkFNYOp61NWZUc66Runi5hGMtg5vhM1F-mCgYZyo2cZQFupyvEgQgWODqps$> _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
