Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)

• Previous message (by thread): Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)
• Next message (by thread): Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> next thing to protect is customer ebgp sessions. some providers don't 
> even
> route the p2p /30 links used between cust and their backbone (i.e. 
> Sprint).
> so that's up to you.
>
> some backbones even filter all traffic destined to backbone prefixes at
> ingress points (border routers, cust edge routers)... for example.. att
> being one. for example, here comes random test:

Couldn't we use 2 /30 subnets on PtP links?  1 /30 with real IPs for 
ICMP, MTU, reachability etc. and one RFC1918 /30 as secondary for eBGP 
sessions.  I know when a router originates a packet (like with BGP) it 
sets the source IP to the IP of the interface the packet leaves.  Is 
BGP smart enough when setting up BGP neighbors to use an IP in the same 
subnet as the neighbor (the secondary interface IP)?

• Previous message (by thread): Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)
• Next message (by thread): Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]