[quagga-dev 1045] Re: [quagga-users 1696] TCP MD5 for BGP and Linux

Jeroen Massar jeroen at unfix.org
Fri Apr 16 16:55:45 BST 2004


On Fri, 2004-04-16 at 17:02, Rick Payne wrote:
> --On Friday, April 16, 2004 4:59 pm +0200 Jeroen Massar <jeroen at unfix.org> 
> wrote:
> 
> > Especially if it can also do IPv6, if not, pass it to me and I'll have a
> > look at it as that might prove very interresting especially for eg my
> > GRH project which is using EBGP multihop sessions even traveling the
> > transatlantic.
> 
> MD5 Protection of TCP segments has not been defined for IPv6, I think. The 
> RFC-2385 only discusses ipv4, because I suspect other mechanisms are 
> intended to protect ipv6 connections.

Hmmm, but I guess that that would mean IPSEC and that is widely deployed
in IPv6 ;) (not).

Anyhow I did a quick round of questions and googling.
Apparently both Cisco and Juniper support MD5'd BGP sessions in IPv6:

http://www.juniper.net/techpubs/software/junos/junos57/swconfig57-getting-started/html/software-overview37.html

But *how* they implement it is noted nowhere and if done nicely with
extension headers or not is totally in the mist.

I'll raise it on the ipv6 at ietf.org list.

Greets,
 Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 240 bytes
Desc: This is a digitally signed message part
URL: <http://lists.quagga.net/pipermail/quagga-dev/attachments/20040416/1c36120a/attachment-0001.sig>


More information about the Quagga-dev mailing list