From: Brian Dennis (brian@labforge.com)
Date: Fri Apr 18 2003 - 00:20:36 GMT-3
Jason,
Right from the source.
<RFC1771>
6.8 Connection collision detection.
If a pair of BGP speakers try simultaneously to establish a TCP
connection to each other, then two parallel connections between this
pair of speakers might well be formed. We refer to this situation as
connection collision. Clearly, one of these connections must be
closed.
Based on the value of the BGP Identifier a convention is established
for detecting which BGP connection is to be preserved when a
collision does occur. The convention is to compare the BGP
Identifiers of the peers involved in the collision and to retain only
the connection initiated by the BGP speaker with the higher-valued
BGP Identifier.
</RFC1771>
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
Director of CCIE Training and Development - IPexpert, Inc.
Mailto: brian@ipexpert.net
Toll Free: 866.225.8064
Outside U.S. & Canada: 312.321.6924
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jason Wydra
Sent: Wednesday, April 16, 2003 1:07 AM
To: ccielab@groupstudy.com
Subject: Extended access-list question
The object with the list below is to block input telnet, http and bgp on
the input of all interfaces that it's assigned to. My question is why
doesn't BGP need to be blocked in both directions? I've seen this with
other protocols too. Some have blocks in both directions and some don't.
Probably an easy answer to this. Thanks,Jason Wydra access-list 115
permit tcp any any eq telnet
access-list 115 permit tcp any eq telnet any
access-list 115 permit tcp any any eq www
access-list 115 permit tcp any eq www any
access-list 115 permit tcp any any eq bgp
---------------------------------
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:57 GMT-3