Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)

James haesu at towardex.com
Fri Apr 23 00:58:05 UTC 2004


> Couldn't we use 2 /30 subnets on PtP links?  1 /30 with real IPs for 
> ICMP, MTU, reachability etc. and one RFC1918 /30 as secondary for eBGP 
> sessions.  I know when a router originates a packet (like with BGP) it 
> sets the source IP to the IP of the interface the packet leaves.  Is 
> BGP smart enough when setting up BGP neighbors to use an IP in the same 
> subnet as the neighbor (the secondary interface IP)?

in IOS bgp will bind source ip that is relevant to the subnet it is being peered
with, even if it is a secondary ip. i am not sure if it binds the ip to primary
ip for the first time, then falls back to secondary ip as primary fails though..
all i know is that when i've tried it by putting a bogus ip as primary, bgp 
session did turn up, but took a little longer than usual.. didn't investigate
any further however.

-J


-- 
James Jun                                            TowardEX Technologies, Inc.
Technical Lead                        Network Design, Consulting, IT Outsourcing
james at towardex.com                  Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867           web: http://www.towardex.com , noc: www.twdx.net
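
The two-/30 layout asked about in the quoted question, as an IOS configuration sketch added here (not part of the original post or of either poster's configuration). The interface name, addresses and AS numbers are constructed placeholders.

```cisco
! Constructed example: interface name, addresses and AS numbers are placeholders.
interface Serial0/0
 description PtP link to eBGP peer
 ! Primary /30: routable addresses for ICMP, MTU discovery and reachability tests
 ip address 192.0.2.1 255.255.255.252
 ! Secondary /30: RFC1918 addresses used only for the eBGP session
 ip address 10.255.0.1 255.255.255.252 secondary
!
router bgp 64500
 ! Neighbor is the far end's address in the secondary /30
 neighbor 10.255.0.2 remote-as 64501
```

`show ip bgp neighbors 10.255.0.2` lists the local and foreign host addresses of the established session, which shows which source address the router actually bound.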


