Re: TCP-AO for BGP Peering?

[Eric Dugas via NANOG <nanog () nanog org>]

We have used it in our core since JunOS 20.3+ but no peers (over 250) have
accepted to use TCP-AO so far.

On Wed, Jun 12, 2024 at 8:20 AM Andrew Gallo <akg1330 () gmail com> wrote:

> There's a github repo with configuration examples from a number of vendors
>
> https://github.com/TCP-AO
>
>
> As for usage....slow adoption.  I only know of one production deployment
> (because I control both eBGP routers :)
>
>
> https://labs.ripe.net/author/andrew-gallo/production-deployment-of-tcp-authentication-option/
>
>
> (maybe Cunningham's law will apply and someone will prove me wrong)
>
>
>
> On 6/12/2024 7:00 AM, Saku Ytti wrote:
> > I don't think that URL explains how commonly it is used.
> >
> > In my experience TCP-AO use is extremely limited, partly because it's
> > super new in practice. Juniper had it for a long time, but it was
> > pre-standard even years after the standard was published, which
> > probably didn't matter much, as no one else had it at all until
> > somewhat recently.
> >
> > I suspect this type of order of events may have led many people to
> > look into TCP-AO early on, and decided correctly it was not
> > operationally feasible, and that has stuck.
> >
> >
> >
> > On Wed, 12 Jun 2024 at 13:57, Marco Paesani <marco () paesani it> wrote:
> > > Hi,
> > > you can start from here:
> https://www.juniper.net/documentation/us/en/software/junos/transport-ip/topics/topic-map/tcp-configure-ao-bgp-ldp.html
> > > Regards,
> > >
> > >
> > > -----
> > >
> > > Marco Paesani
> > >
> > >
> > >
> > >
> > > Skype: mpaesani
> > > Mobile: +39 348 6019349
> > > Success depends on the right choice !
> > > Email: marco () paesani it
> > >
> > >
> > >
> > >
> > > Il giorno mer 12 giu 2024 alle ore 12:52 7riw77 () gmail com <
> 7riw77 () gmail com> ha scritto:
> > > > Y'all --
> > > >
> > > > Does anyone know of a survey or study showing the rate of uptake for
> BGP over TCP-AO? I've poked around some and asked in a few places and not
> found anything, but I probably missed something out there.
> > > > If there's no studies, does anyone have any experiences possibly
> indicating BGP over TCP-AO usage they can share?
> > > > :-) /r