On 2005-06-23, at 09:57, Eric Gauthier wrote:
likely need to make modifications to our IGP/EGP setup. Though
we filter
OSPF multicast traffic, we wanted to add in MD5 passwords to our
neighbors.
just a quick comment here. i would encourage you not to do that.
Honestly, I completely agree with you that MD5'ing our OSPF
adjacencies isn't
a great idea (I've so far stalled its roll-out).
Just in case it's not obvious to any onlookers here, Eric was talking
about using MD5 authentication in OSPF adjacencies, and Todd is
talking about using the TCP MD5 signature option (RFC2385) between
BGP peers.
They are two different things (although they both involve routing
protocols and the MD5 algorithm): not all arguments for or against
one will apply to the other.
Joe