TCP MD5 and IPsec for MP-BGP UPDATE TCP MD5 (RFC2385) Offering Authentication and integrity on a point-to-point basis Protection from spoofing attacks and connection hijacking But not for eavesdropping and weak against replay attacks Lack of an automated key management IPsec ESP protocol offers authentication, data integrity, and anti-replay between BGP speakers (i.e. AFBRs) IKE protocol supported for automated key management PKI can be used when available. draft-bellovin-useipsec-05.txt provides guidelines for mandating the use of IPsec. |