What is a recommended practice for MD5 key management when securing BGP sessions?

Key management for MD5 authentication in BGP is about protecting the shared secret that signs each message. The recommended approach is proper key management: give each neighbor its own unique key, store those keys securely, and rotate them on a defined schedule. Keys should be strong, kept secret, and deployed in a coordinated way on both ends, often with a transition period that allows old and new keys to coexist to prevent session drops. Using separate keys per peer limits the blast radius if a key is compromised and makes revoking access easier. Regular rotation reduces the risk from key exposure over time. In contrast, using one key for all peers creates a single point of failure; rotating the key every minute is impractical and risks misalignment; never rotating keys leaves credentials vulnerable for longer.