nanog mailing list archives

Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)


From: James <haesu () towardex com>
Date: Thu, 22 Apr 2004 20:58:05 -0400


> Couldn't we use 2 /30 subnets on PtP links?  1 /30 with real IPs for 
> ICMP, MTU, reachability etc. and one RFC1918 /30 as secondary for eBGP 
> sessions.  I know when a router originates a packet (like with BGP) it 
> sets the source IP to the IP of the interface the packet leaves.  Is 
> BGP smart enough when setting up BGP neighbors to use an IP in the same 
> subnet as the neighbor (the secondary interface IP)?

In IOS, BGP will bind the source IP that is relevant to the subnet it is being
peered with, even if it is a secondary IP. I am not sure whether it binds the IP
to the primary IP the first time, then falls back to the secondary IP as the
primary fails, though. All I know is that when I've tried it by putting a bogus
IP as primary, the BGP session did turn up, but took a little longer than usual.
Didn't investigate any further, however.

-J


-- 
James Jun                                            TowardEX Technologies, Inc.
Technical Lead                        Network Design, Consulting, IT Outsourcing
james () towardex com                  Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867           web: http://www.towardex.com , noc: www.twdx.net

