RE: Passive interface command for BGP peering?

From: Anthony Pace (anthonypace@xxxxxxxxxxx)
Date: Thu Jul 18 2002 - 18:53:21 GMT-3


   
Shouldn't the solution accommodate the BRI being able to allow the BGP
peering in the event of a failure, or is that not part of the
requirement?

Anthony Pace

On Thu, 18 Jul 2002 13:15:08 -0500, "Brian McGahan"
<brian@cyscoexpert.com> said:
> Now *THAT* is an interesting solution Brian. Making the locally
> originated traffic hop once before leaving so it hits an outbound
> access-list... I might just have to steal that one from you ;)
>
> Brian McGahan, CCIE #8593
> Director of Design and Implementation
> brian@cyscoexpert.com
>
> CyscoExpert Corporation
> Internetwork Consulting & Training
> http://www.cyscoexpert.com
> Voice: 847.674.3392
> Fax: 847.674.2625
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Brian Dennis
> Sent: Thursday, July 18, 2002 12:23 PM
> To: 'Ng, Kim Seng David (David)'; ccielab@groupstudy.com
> Subject: RE: Passive interface command for BGP peering?
>
> You could block it inbound on the other side. If it must be blocked
> outbound create a local policy and forward the BGP traffic to the
> loopback interface first. This will cause the BGP traffic to hit the
> outbound access-list on the BRI interface. Another solution would be to
> filter the loopback's route from being advertised over the BRI
> interfaces. Of course there are a few other ways to solve this problem
> ;-)
>
> Also make sure that you block BGP in both directions with your
> access-list:
> access-list 100 deny tcp host x.x.x.x eq 179 host x.x.x.x
> access-list 100 deny tcp host x.x.x.x host x.x.x.x eq 179
> access-list 100 permit ip any any
>
> Brian Dennis, CCIE #2210 (R&S/ISP Dial)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Ng, Kim Seng David (David)
> Sent: Thursday, July 18, 2002 8:28 AM
> To: ccielab@groupstudy.com
> Subject: Passive interface command for BGP peering?
>
> Hi group,
>
> Is there an equivalent "passive interface" command to stop BGP
> peering over a specific interface. In a case when I have the backup BRI
> interface activated and the floating static default route in place, I
> want to prevent the BGP peering from happening over the BRI interface.
> Dialer list can prevent peering from activating the BRI link but that
> will not stop BGP peering when some other interesting traffic activates
> the link. I tried access-list extended out blocking tcp port 179 at the
> BRI interface but the IBGP peering (thru loopback interface) still
> occurs. I think it is because the access-list cannot block locally
> generated traffic. Hope someone can advise.
>
> Thanks
> David
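
The local-policy approach described in Brian Dennis's quoted message, written out as an IOS configuration. This is an added example, not configuration posted by anyone in the thread; the addresses, interface names, ACL 101 and the route-map name are assumptions.

```cisco
! Constructed values: 192.0.2.1 = local loopback (iBGP update source),
! 192.0.2.2 = peer loopback. Loopback0 and BRI0 are assumed interface names.
!
! ACL 101 (hypothetical number): match BGP packets this router originates,
! whether it opened the session (dst port 179) or accepted it (src port 179).
access-list 101 permit tcp host 192.0.2.1 host 192.0.2.2 eq 179
access-list 101 permit tcp host 192.0.2.1 eq 179 host 192.0.2.2
!
! Local policy: send router-generated BGP packets to the loopback first.
! They then re-enter the forwarding path and are checked by outbound
! interface ACLs, which locally generated traffic otherwise bypasses.
route-map LOCAL-BGP-VIA-LO permit 10
 match ip address 101
 set interface Loopback0
!
ip local policy route-map LOCAL-BGP-VIA-LO
!
! ACL 100 as in the thread: deny the session in both directions,
! permit everything else so other traffic can still use the backup link.
access-list 100 deny tcp host 192.0.2.1 eq 179 host 192.0.2.2
access-list 100 deny tcp host 192.0.2.1 host 192.0.2.2 eq 179
access-list 100 permit ip any any
!
interface BRI0
 ip access-group 100 out
```

The hit counters in `show access-lists 100` show whether the deny entries are matching once the BRI link is up.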



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:35 GMT-3