Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)
James
haesu at towardex.com
Fri Apr 23 00:58:05 UTC 2004
> Couldn't we use 2 /30 subnets on PtP links? 1 /30 with real IPs for
> ICMP, MTU, reachability etc. and one RFC1918 /30 as secondary for eBGP
> sessions. I know when a router originates a packet (like with BGP) it
> sets the source IP to the IP of the interface the packet leaves. Is
> BGP smart enough when setting up BGP neighbors to use an IP in the same
> subnet as the neighbor (the secondary interface IP)?
In IOS, BGP will bind the source IP that is relevant to the subnet it is being
peered with, even if it is a secondary IP. I am not sure if it binds the IP to
the primary IP the first time, then falls back to the secondary IP as the
primary fails, though. All I know is that when I tried it by putting a bogus IP
as primary, the BGP session did turn up, but took a little longer than usual.
Didn't investigate any further, however.
-J
--
James Jun TowardEX Technologies, Inc.
Technical Lead Network Design, Consulting, IT Outsourcing
james at towardex.com Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net