MD5'd BGP sessions over IPv6?
Jeroen Massar jeroen at unfix.org
Thu Apr 22 15:16:03 CEST 2004
On Thu, 2004-04-22 at 14:56, Ronald van der Pol wrote: > On Thu, Apr 22, 2004 at 14:44:06 +0200, Jeroen Massar wrote: > > > I'll try to adopt the current IPv4 patches to IPv6 as it seems to be > > only TCP related as they stick the md5 in the option headers of TCP... > > As far as I know, this is correct. The underlying IP version does not > matter. It should work for both v4 and v6. In that case I have some nice work for this evening ;) I'll build a double Quagga test setup and test between those and then test it using a Cisco on the other end too, if that works I'll upgrade the GRH setup, which should be a good test to see if those peers can work with the patch. After that I think it should be ready for RIS deployment too. Expect some more info after this weekend... Though the RIS boxes have an advantage that there are (afaik) not using multihop BGP's like GRH and thus can be protected largely with ingress filters and the likes on the peering meshes. Another patch I'll add is to be able to 'hide' the local/remote port numbers. Though that is only 2x 65535 tries to get it right and statistically less of course, <1024 not being used etc. Greets, Jeroen -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: This is a digitally signed message part Url : https://www.ripe.net/ripe/mail/archives/ris-users/attachments/20040422/a604f2f6/attachment.bin