At the same time, you are not going to find the SP core swapping out
their equipment for hardware with crypto chips. SPs do not seem to want
to pay for this sort of addition. So even new equipment is not getting
hardware crypto that can be used.
So a BGP IPSEC option has to work with what hardware we've got deployed
today - not wishing the community would "just upgrade."
At the same time, you are not going to find the SP core swapping out
their equipment for hardware with crypto chips. SPs do not seem to want
to pay for this sort of addition. So even new equipment is not getting
hardware crypto that can be used.
As with everything else, it needs to actually add useful features that
makes a SP's life easier, not just be another vector for an extra line
item and a higher total on the router invoice.
So a BGP IPSEC option has to work with what hardware we've got deployed
today - not wishing the community would "just upgrade."
SPs don't see any tangile benefit in BGP IPSEC (and legitimately so), so
this will clearly not be a driving factor for them. I guarantee you if you
solve a real problem (like say authenticating and managing authorized
prefix announcements) and make it faster/better because the router has
hardware crypto available, folks will actually start buying new RPs/etc.