On Fri, Jan 27, 2012 at 2:51 PM, Seth Mattinen <se...@rollernet.us> wrote:
> On 1/27/12 11:26 AM, Brian Stengel wrote:
>> We have a potential customer that is asking for us to enable MD5
>> authentication on a TCP connection between two BGP peers? Is this still
>> common practice today? Any potential problems or gotchas to keep in mind?
>>
>
> Sprint requires it to enable remote triggered blackhole.

Lots of folks still use it, yes. Is it helpful? Maybe? Maybe not? Is this peering over a shared media (like a 10base-T hub)? You might point out that you'll be enabling this, then promptly writing the 'secret' on a large whiteboard in your NOC... because chances are the config won't include it in rancid and ... you don't have a place to store these securely that's not prone also to outages :( Also, customers wander through your NOC, so...