[walrus01]

a very small percentage of ISPs at some major IX points still want MD5 auth on BGP sessions across the fabric. Usually a moot point these days since the IX operator should have solid, reliable documentation of exactly what switch port and fiber patch panel assignment goes to which cage/suite/cabinet and ISP.

Or in the case of a PNI between two ISPs over their own cross connect, you absolutely want to have a mutual level of trust and cooperation between the BGP peers on both sides of the session.

And then other more modern methods of verifying that the IP blocks you're seeing from some other AS are legit, like verifying their RPKI signatures, IRR entries, etc.

[thomashabets2]

Citation needed. The ISPs I've worked for run this pretty much everywhere.

I mean it's the only auth that exists for BGP, so why would you not want it?

[walrus01]

Citation needed: I've maintained direct sessions over the fabric (not via route servers) between my AS and peers' ASes, with over a hundred ISPs, at some of the world's largest IXes. Out of those more than a hundred, maybe 3 used MD5. We also have a lot of PNIs direct with other carriers with POPs in the same building. Sorry I obviously can't provide a copy/paste of the junos config showing all the peers.