RE: [nznog] Routing protocols
I knew that I phrased that wrong just after I clicked "send". I meant the IGP type rather than packet/PDU authentication :) I wonder if it's common that at BOFs and presentations you'd find engineers from ISPs and such talking on the subject of solving problem xyz or why they find abc good in a particular IGP. Another interesting link sent to me is a dissection between the two protocols: http://www.nanog.org/mtg-0006/katz.html
-----Original Message-----
From: Joe Abley [mailto:jabley(a)isc.org]
Sent: Thursday, 15 April 2004 22:37
To: Chris Hellberg
Cc: nznog(a)glassmile.co.nz; nznog(a)list.waikato.ac.nz
Subject: Re: [nznog] Routing protocols
On 15 Apr 2004, at 06:32, Chris Hellberg wrote:
I stand corrected. In this case, I wonder if it's the exception rather than the norm that large carriers protect things such as their IGP then?
I'm quite sure that AOL and MFN protect their IGP, but they do so using link-layer authentication, a link-scope, non-routed protocol (in the case of IS-IS) and by not exposing it to customers or other external entities. That's what we do at ISC.
Security by obscurity is no longer in style, maybe.
Joe
On Thu, 15 Apr 2004, Chris Hellberg wrote:
I knew that I phrased that wrong just after I clicked "send"
I meant the IGP type rather than packet/PDU authentication :)
Well considering there aren't really *that* many options for the main IGP on a medium to large network ( IBGP, IS-IS, OSPF, EIGRP maybe, err RIP2 [1] ). Of course some people might run several, or even none.
[1] - Just kidding about rip2, although I did hear that a large network in NZ used it, maybe that's why Chris thinks people keep it secret :)
--
Simon J. Lyall. | Very Busy | Mail: simon(a)darkmere.gen.nz
"To stay awake all night adds a day to your life" - Stilgar | eMT.
On 15 Apr 2004, at 06:42, Chris Hellberg wrote:
I knew that I phrased that wrong just after I clicked "send"
I meant the IGP type rather than packet/PDU authentication :)
Yeah, I realised that, hence the "obscurity" comment. But if there are concerns about as-yet unknown vulnerabilities in routing protocols that might be exploited, authentication and segregation is a better defence than trying to keep the name of the IGP a secret. (For exterior protocols, which by definition aren't a secret, authentication is a good idea for the same reason. RFC 2385 is a really good idea, as it turns out.)
I wonder if it's common that at BOFs and presentations you'd find engineers from ISPs and such talking on the subject of solving problem xyz or why they find abc good in a particular IGP.
It's common at every netops meeting I've ever been to. It wouldn't be much of an Internet if engineers didn't talk to each other. Also, there'd be a risk of a curry glut on Thursday evenings.
Joe