[69976] in North American Network Operators' Group
Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)
daemon@ATHENA.MIT.EDU (James)
Thu Apr 22 20:58:39 2004
Date: Thu, 22 Apr 2004 20:58:05 -0400
From: James <haesu@towardex.com>
To: Matthew Crocker <matthew@crocker.com>
Cc: "'nanog @ merit. edu'" <nanog@merit.edu>
In-Reply-To: <51AC7326-94B8-11D8-A0DE-000A956885D4@crocker.com>
Errors-To: owner-nanog-outgoing@merit.edu
> Couldn't we use 2 /30 subnets on PtP links? 1 /30 with real IPs for
> ICMP, MTU, reachability etc. and one RFC1918 /30 as secondary for eBGP
> sessions. I know when a router originates a packet (like with BGP) it
> sets the source IP to the IP of the interface the packet leaves. Is
> BGP smart enough when setting up BGP neighbors to use an IP in the same
> subnet as the neighbor (the secondary interface IP)?
In IOS, BGP will bind the source IP that is relevant to the subnet it is being peered
with, even if it is a secondary IP. I am not sure if it binds the IP to the primary
IP for the first time, then falls back to the secondary IP as the primary fails, though.
All I know is that when I tried it by putting a bogus IP as primary, the BGP
session did turn up, but took a little longer than usual. I didn't investigate
any further, however.
-J
--
James Jun TowardEX Technologies, Inc.
Technical Lead Network Design, Consulting, IT Outsourcing
james@towardex.com Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net