Peering with Tele2 / AS1257

This page describes Tele2s policies on the technical aspects surrounding peering with AS1257 as well as some general information on related matters. It is targeted towards existing peering partners of Tele2.

BGP MD5 authentication

Tele2 prefer the use of MD5 authentication for BGP sessions.

BGP MD5 authentication is a technique to cryptographically sign the TCP packets used to transport a BGP session. It makes it significantly harder to reset or inject malicious packets into a BGP TCP session as well as preventing certain misconfigurations.
While it is true that MD5 authentication can increase CPU usage, it is miniscule on modern routers. See this excellent presentation by Tom Scholl of AT&T.

BFD

Tele2 support BFD in the majority of peering locations with timers of 150ms * 3

BFD is a protocol for fast hellos. It allows the sending of hello packets at intervals measured in tens of milliseconds rather than tens of seconds as is common today with BGP. While its use is limited on mediums where a proper link down event will be asserted it is very useful over Internet exchanges where a BGP peer may become unreachable with no link down event.

ICMP / traffic limits

Tele2 limits the bandwidth available for traffic destined to Tele2 infrastructure addresses

To protect the Tele2 network infrastructure, there are policers implemented to limit the amount of traffic destined to addresses that are used for Tele2 network infrastructure. This could impact ICMP based monitoring, such as ping or traceroute, as well. Please observe that no limits are imposed on customer prefixes.