Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
608
Views
0
Helpful
5
Replies

Dynamic Routing Protocols using /30 networks for adjacencies

Go to solution
nathanielscriven
Level 1
Level 1

‎08-10-2017 07:18 AM - edited ‎03-08-2019 11:41 AM

Something I just started to think about in terms of using encryption for adjacency hello traffic when /30s. Does not this not segregate this traffic onto its own network and make it unreachable from the network at large? And in that does it make the desire to encrypt this traffic less pressing?

I have encountered some networks where the adjacency is on a /24 which shares a broadcast domain which production traffic so encryption makes total sense in that scenario. I'm curious what you folks think. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to nathanielscriven

‎08-10-2017 11:04 AM

Much would depend on you physical plant security.

Hopefully, it's such, that someone cannot physically get into your p2p link.

In the case, like your example /24, likely that network has many access ports.

So, for the p2p vs. an "open" network, the latter would have more of a need for infrastructure encryption.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Rob Cluett
Level 1
Level 1

‎08-10-2017 08:04 AM

If you're targeting a secure environment it would be worthwhile to put encryption on your /30's.

0 Helpful

Go to solution
nathanielscriven
Level 1
Level 1
In response to Rob Cluett

‎08-10-2017 08:40 AM

That's not my question though. My question is what are the realistic threats of not having encryption on segregated point to point  /30 networks. (lan, not wan) How could someone realistically hijack an adjacency in this way. 

This is more of a thought experiment than anything else. 

0 Helpful

Go to solution
Rob Cluett
Level 1
Level 1
In response to nathanielscriven

‎08-10-2017 09:51 AM

deleted.

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to nathanielscriven

‎08-10-2017 11:04 AM

Much would depend on you physical plant security.

Hopefully, it's such, that someone cannot physically get into your p2p link.

In the case, like your example /24, likely that network has many access ports.

So, for the p2p vs. an "open" network, the latter would have more of a need for infrastructure encryption.

0 Helpful

Go to solution
nathanielscriven
Level 1
Level 1
In response to Joseph W. Doherty

‎08-10-2017 11:58 AM

That's my thought as well. Thanks for entertaining the question!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card