On 3-Oct-2006, at 14:17, Iljitsch van Beijnum wrote:
Well, my expience is pretty much the opposite: in the commercial ISP world here in Europe, key changes are rare.
ISC has deployed (I think) almost 40 nodes of F now across six continents, and there's peering at pretty much all of those locations. That adds up to a fair number of sessions.
Those who look after those nodes now on a daily basis might report different recent experience, but when I was doing that work I don't believe I ever saw a request from a peer to change a key on a working session.
So, your experience in Europe matches my experience in Europe, Asia, North America, South America, Australasia and Africa.
Having said that, I certainly support the idea that changing keys is a good idea, so long as people continue to use the TCP MD5 option on their BGP sessions. Mechanisms to make it easier to change keys are surely a good idea in that context.
Whether or not the TCP MD5 option is worth using at all is a different question.
Joe _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf