On Sun, 18 Nov 2018 at 21:07, Grant Taylor via NANOG <nanog@nanog.org> wrote:
> Is it not possible to protect (just) the eBGP with IPsec? Not on all gears SPs are deploying. But people doing this. > I would think that IPsec would provide the desired protection and that > tuning filters to the proper ports would reduce the overhead that MACsec > might incur with all traffic being encrypted. Correct and more important being control-plane only feature, it's significantly cheaper. Personally I do trust HMAC-MD5 to offer sufficient security today. -- ++ytti
