What is a recommended practice for per-peer MD5 key rotation in large networks?

Regular rotation of per-peer MD5 keys with centralized management is essential in large networks. It limits the window during which a compromised key can be misused and keeps authentication consistent across many BGP sessions. Centralized management enables automated lifecycles, versioning, auditing, and coordinated rollout or withdrawal of keys, which is crucial when dealing with thousands of peers. In practice, store keys securely (in a dedicated vault or KMS) and distribute them to routers over secure channels, ensuring there is an overlap period where both old and new keys are valid to avoid dropping sessions. Never rotating keys creates a long-term risk if a key is compromised, and storing keys in plaintext on routers is insecure and must be avoided.