[69993] in North American Network Operators' Group
Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)
daemon@ATHENA.MIT.EDU (Niels Bakker)
Fri Apr 23 12:20:43 2004
Date: Fri, 23 Apr 2004 18:19:17 +0200
From: Niels Bakker <niels=nanog@bakker.net>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <20040423005805.GA51019@scylla.towardex.com>
Errors-To: owner-nanog-outgoing@merit.edu

* haesu@towardex.com (James) [Fri 23 Apr 2004, 02:58 CEST]:
> in IOS bgp will bind source ip that is relevant to the subnet it is
> being peered with, even if it is a secondary ip. i am not sure if it

Actually, my lab testing showed that older routers (2500/4500) do so, but
real equipment (7200/7500) doesn't, for some reason.

> binds the ip to primary ip for the first time, then falls back to
> secondary ip as primary fails though.. all i know is that when i've

This it definitely doesn't do.

> tried it by putting a bogus ip as primary, bgp session did turn up, but
> took a little longer than usual.. didn't investigate any further
> however.

That's probably because the other end initiated the TCP session by then.

-- Niels.