- Written by Vu Nguyen
- Posted on 8月 23, 2022
- Updated on 11月 22, 2023
- 7717 Views
EOS currently supports BGP message authentication via the TCP MD5 Signature (TCP MD5) option (RFC 2385) to protect the BGP sessions from spoofed TCP segments. However, research has shown many concerns that the TCP MD5 algorithm is cryptographically ineffective with a just simple keyed hash for authentication.
- Written by Vu Nguyen
- Posted on 9月 25, 2024
- Updated on 9月 25, 2024
- 436 Views
In the BGP Update message’s AS_PATH, routers have the capability to perform route aggregation and combine the ASes an update has traversed, merging the discrete entries into an AS_SET. Routers can also do this within the local confederation with member AS numbers, using an AS_CONFED_SET. Route aggregation can be problematic as it blurs the semantics of what it means to originate a route. RFC 6472 recommends not using AS_SET or AS_CONFED_SET in BGP, and further justifies reasoning as to why, as well as provides a recommended way to handle updates with these messages.