IP economics morphed into (TCP/RST)

Iljitsch van Beijnum iljitsch at muada.com
Thu Apr 22 16:03:33 UTC 2004


On 22-apr-04, at 16:11, Stephen J. Wilcox wrote:

>> There are more protection methods available than just MD5 (as you allude to
>> Steve).  One mitigator is to use "non-routed" space for BGP peer connections.

> Hmm ok so assume for a moment that I don't want RFC1918 for my links,
> what are my options?
>
> There isn't a "link-local" for IP although this would be a great solution
> (surely this can be written for BGP??).

Who says BGP sessions must run over IP(v4)?

In theory it shouldn't be a problem to exchange IPv4 routing 
information over IPv6 BGP TCP sessions. (But it seems some of our 
favorite vendors didn't add this scenario to their regression tests.)

> Or I could use all eBGP addresses from a block which I don't route and filter
> internally. I suspect this is a non-starter, I will have to include all my
> addresses given to me by peers and it's gonna screw traces, monitoring etc.
>
> Can I use secondary IP addresses and then BGP with these addresses, this would
> be a form of "security by obscurity" but providing you can keep the info a
> secret that's surely going to do it?

If you combine the two approaches above and filter all traffic to the 
primary address, traceroutes et al still work but people from the 
outside don't get to hit the route processor.
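As an added illustration (not code from this thread or from any vendor), a small Python model of the receive filter Iljitsch outlines: eBGP links numbered from a block that is never routed externally, everything addressed to the router's primary address dropped, and transit traffic untouched so traceroute still works. All addresses and interface names are constructed.

```python
"""Added example, not from the thread: a toy model of the receive filter
Iljitsch describes. eBGP links are numbered from a block that is never
routed externally, and packets to the router's own addresses are dropped
unless they are BGP from the configured peer. All addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

BGP_PORT = 179


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp" or "icmp"
    dport: int = 0
    ttl: int = 64


class ReceivePolicy:
    """Filter for packets arriving on external (peering) interfaces."""

    def __init__(self, primary_addrs, link_block, links):
        self.primary = {ip_address(a) for a in primary_addrs}
        self.link_block = ip_network(link_block)
        # interface -> (our link address, the eBGP peer expected on it)
        self.links = {i: (ip_address(a), ip_address(b))
                      for i, (a, b) in links.items()}

    def classify(self, pkt: Packet, iface: str) -> str:
        src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        local, peer = self.links.get(iface, (None, None))
        # The link block is unrouted, so a packet sourced from it is only
        # plausible from the peer directly attached to this interface.
        if src in self.link_block and src != peer:
            return "drop:spoofed-link-source"
        if dst in self.primary:
            return "drop:primary-address"  # route processor stays unreachable
        if dst == local:
            # A packet arriving on the right link with the peer's own address
            # still passes here; that residual case is what TCP MD5 (RFC 2385) covers.
            if pkt.proto == "tcp" and pkt.dport == BGP_PORT and src == peer:
                return "accept:bgp"
            return "drop:link-address"
        if dst in self.link_block:
            return "drop:unrouted-destination"  # other routers' link addresses
        if pkt.ttl <= 1:
            return "forward:icmp-ttl-exceeded"  # traceroute through us still works
        return "forward"
```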
