BGP over TLS
- Subject: BGP over TLS
- From: jheitz at cisco.com (Jakob Heitz (jheitz))
- Date: Mon, 21 Oct 2019 18:42:18 +0000
The article linked says no mainstream BGP implementation supports TCP-AO.
IOS-XE and IOS-XR support it.

While I do not represent the Cisco view, personally I like the idea of BGP over TLS.

Regards,
Jakob.

-----Original Message-----
Date: Mon, 21 Oct 2019 19:21:03 +1100
From: Julien Goodwin <nanog at studio442.com.au>
On 21/10/19 6:30 pm, Bjørn Mork wrote:
> Christopher Morrow <morrowc.lists at gmail.com> writes:
>
> >> isn't julien's idea more akin to DOT than DOH ?
>
> Yes, and I really like Julien's proposal. It even looks pretty
> complete. There are just a few details missing around how to make the
> MD5 => TLS transition smooth.

At least for those systems that run on Linux (which is most all of the
majors except Juniper) I suspect if we went to the relevant kernel folk
with a clear plan on how to handle TCP-MD5 in a way that would make
transitions much easier they'd listen.

The troll response at the top of my post was actually based on a
response from one of the kernel folk, who dislike TCP options even more
than network operators.

> Sorry for any confusion caused by an attempt to make a joke on DoH. I
> didn't anticipate the sudden turn to serious discussion :-) Which
> obviously was a good one. I am all for BGP over TLS, so let's discuss
> https://laptop006.livejournal.com/60532.html
If anyone is at all interested in this I'm happy to discuss and flesh
out anything that's not clear. After I wrote this (over a few bottles of
red on the flight to linux.conf.au this year) I sent it to a bunch of
people that had expressed interest, including a few BGP implementations,
but nobody bit.