
Notes:


Usually, a BGP session can only be established between two manually configured peers. Each peer needs to be configured with the IP address and the AS number of the remote peer.

From a security point of view, several solutions have been proposed to ensure that a BGP session will not be hijacked:
One solution is to protect the TCP connection with MD5 digests. See:
A. Heffernan, Protection of BGP Sessions via the TCP MD5 Signature Option, RFC2385, August 1998
Another solution is to utilize IP packets with a TTL value of 255 on single-hop eBGP sessions:
V. Gill, J. Heasley, D. Meyer, The BGP TTL Security Hack (BTSH), Internet draft, draft-gill-btsh-00.txt, October 2002, Work in progress
Another solution is to send the BGP session over an IPSec association.

For a discussion of BGP security issues, see:
Sandra Murphy, BGP Security Analysis, Internet draft, draft-murphy-bgp-secr-04.txt , work in progress, November 2001
S. Murphy, BGP Security Vulnerabilities Analysis, Internet draft, draft-murphy-bgp-vuln-01.txt , work in progress, Oct. 2003
See also the RPSEC IETF working group
http://www.ietf.org/html.charters/rpsec-charter.html
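
How a receiver checks the TCP MD5 signature option of RFC2385 mentioned above, as an added example that is not part of the original notes: the digest covers the TCP pseudo-header, the fixed TCP header with a zero checksum and no options, the segment data, and the shared key. The function names are hypothetical, and the sender helper builds a constructed sample segment without computing the real TCP checksum.

```python
import hashlib
import hmac
import socket
import struct

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385: MD5 over pseudo-header, option-less header (checksum 0), data, key."""
    if len(tcp_header) < 20 or (tcp_header[12] >> 4) * 4 != len(tcp_header):
        raise ValueError("malformed TCP header")
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(tcp_header) + len(payload)))
    fixed = bytearray(tcp_header[:20])   # options are excluded from the digest
    fixed[16:18] = b"\x00\x00"           # checksum field is treated as zero
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()

def find_md5_option(options):
    """Return the 16-byte digest from TCP option kind 19, or None if absent."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                    # end of option list
            break
        if kind == 1:                    # NOP padding
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            return None                  # truncated or malformed option
        length = options[i + 1]
        if kind == 19 and length == 18 and i + 18 <= len(options):
            return bytes(options[i + 2:i + 18])
        i += length
    return None

def verify_segment(src_ip, dst_ip, tcp_header, payload, key):
    """Accept a segment only if it carries a digest matching the shared key."""
    received = find_md5_option(tcp_header[20:])
    if received is None:
        return False                     # unsigned segments (e.g. forged RST) are dropped
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(received, expected)

def build_signed_header(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key):
    """Constructed sample sender: 20 fixed bytes + 2 NOPs + option 19 (40 bytes)."""
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, flags, 65535, 0, 0)
    stub = fixed + b"\x01\x01" + bytes([19, 18]) + bytes(16)
    digest = tcp_md5_digest(src_ip, dst_ip, stub, payload, key)
    return fixed + b"\x01\x01" + bytes([19, 18]) + digest
```

Because the sequence number and both addresses are inside the digest, a segment that was modified in flight or sent without knowledge of the key fails verification and never reaches the BGP process.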