From: Ken.Farrington@barclayscapital.com
Date: Tue Nov 25 2003 - 19:21:58 GMT-3
Good evening all :-)

From the output below, you can see that on my two-router network, either router can start the BGP session. The thing is, I only want one router (ATM-BB) to be able to start the session, i.e. open a TCP session to port 179. I don't ever want the other router (TEST2) to start a TCP session with a destination port of 179.

So, the only way I figure I can do this is by putting an inbound ACL on the ATM-BB router, and it works fine (config below).

Question is, is this what you have to do to make this work, or is there an equiv of a DLSW Passive command for BGP?

And, what are the criteria for who starts the session first, say, no ACL is applied and you do a clear ip bgp (must be sommat to do with the active timer or sommat)?

Many thx indeed,
Ken
Config on ATM-BB Router
-----------------------
!
interface FastEthernet1
ip address 200.201.1.1 255.255.255.0
ip access-group 111 in
!
router bgp 253
neighbor 200.201.1.2 remote-as 5
!
access-list 111 deny tcp any any eq bgp
access-list 111 permit ip any any
Config on TEST2 Router
----------------------
!
interface FastEthernet1
ip address 200.201.1.2 255.255.255.0
!
router bgp 5
neighbor 200.201.1.1 remote-as 253
Results with ACL: Test2 gets "access denied" when trying to start the BGP session, and then by the SYN-ACK received back on ATM-BB, you know that ATM-BB has sent the SYN and started the session.
ATM-BB#
ATM-BB#
ATM-BB#
ATM-BB#
00:53:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 44, access denied
00:53:26: TCP src=11017, dst=179, seq=2342290847, ack=0, win=16384 SYN
ATM-BB#
ATM-BB#
ATM-BB#
ATM-BB#
ATM-BB#
ATM-BB#
ATM-BB#
ATM-BB#
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1 (FastEthernet1), len 44, rcvd 3
00:53:40: TCP src=179, dst=11018, seq=1245489616, ack=2525366980, win=16384 ACK SYN
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 85, rcvd 0
00:53:40: TCP src=179, dst=11018, seq=1245489617, ack=2525367025, win=16339 ACK PSH
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:53:40: TCP src=179, dst=11018, seq=1245489662, ack=2525367044, win=16320 ACK PSH
00:53:40: %BGP-5-ADJCHANGE: neighbor 200.201.1.2 Up
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:53:40: TCP src=179, dst=11018, seq=1245489681, ack=2525367108, win=16256 ACK PSH
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 40, rcvd 0
00:53:40: TCP src=179, dst=11018, seq=1245489700, ack=2525367146, win=16218 ACK
ATM-BB#
ATM-BB#
ATM-BB#
********Router TEST2 starts the BGP session**********************
ATM-BB#
ATM-BB#
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 44, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708026, ack=0, win=16384 SYN
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 40, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708027, ack=243242607, win=16384 ACK
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 85, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708027, ack=243242607, win=16384 ACK PSH
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708072, ack=243242652, win=16339 ACK PSH
00:11:26: %BGP-5-ADJCHANGE: neighbor 200.201.1.2 Up
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 40, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708091, ack=243242671, win=16320 ACK
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708091, ack=243242773, win=16218 ACK PSH
ATM-BB#
ATM-BB#
ATM-BB#
ATM-BB#
00:12:27: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:12:27: TCP src=11005, dst=179, seq=3186708110, ack=243242792, win=16199 ACK PSH
ATM-BB#
ATM-BB#
ATM-BB#
ATM-BB#
00:13:27: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:13:27: TCP src=11005, dst=179, seq=3186708129, ack=243242811, win=16180 ACK PSH
00:13:27: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 111, rcvd 0
00:13:27: TCP src=11005, dst=179, seq=3186708148, ack=243242811, win=16180 ACK PSH
TEST2#
TEST2#
TEST2#
00:11:23: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2 (FastEthernet1), len 44, rcvd 3
00:11:23: TCP src=179, dst=11005, seq=243242606, ack=3186708027, win=16384 ACK SYN
00:11:23: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 85, rcvd 0
00:11:23: TCP src=179, dst=11005, seq=243242607, ack=3186708072, win=16339 ACK PSH
00:11:23: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:11:23: TCP src=179, dst=11005, seq=243242652, ack=3186708091, win=16320 ACK PSH
00:11:23: %BGP-5-ADJCHANGE: neighbor 200.201.1.1 Up
00:11:23: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 142, rcvd 0
00:11:23: TCP src=179, dst=11005, seq=243242671, ack=3186708091, win=16320 ACK PSH
00:11:23: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:11:23: TCP src=179, dst=11005, seq=243242773, ack=3186708110, win=16301 ACK
TEST2#
TEST2#
TEST2#
00:12:24: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:12:24: TCP src=179, dst=11005, seq=243242773, ack=3186708110, win=16301 ACK PSH
00:12:24: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:12:24: TCP src=179, dst=11005, seq=243242792, ack=3186708129, win=16282 ACK
TEST2#
TEST2#
TEST2#
TEST2#
TEST2#
TEST2#
TEST2#
TEST2#
00:13:24: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:13:24: TCP src=179, dst=11005, seq=243242792, ack=3186708129, win=16282 ACK PSH
00:13:24: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:13:24: TCP src=179, dst=11005, seq=243242811, ack=3186708148, win=16263 ACK
00:13:24: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:13:24: TCP src=179, dst=11005, seq=243242811, ack=3186708219, win=16192 ACK
-------------------------------------------------------------------------------------
********Router ATM-BB starts the BGP session**********************
TEST2#
TEST2#
TEST2#
00:15:46: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 44, rcvd 0
00:15:46: TCP src=11004, dst=179, seq=1036704196, ack=0, win=16384 SYN
00:15:46: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:15:46: TCP src=11004, dst=179, seq=1036704197, ack=3716649371, win=16384 ACK
00:15:46: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 85, rcvd 0
00:15:46: TCP src=11004, dst=179, seq=1036704197, ack=3716649371, win=16384 ACK PSH
00:15:46: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:15:46: TCP src=11004, dst=179, seq=1036704242, ack=3716649416, win=16339 ACK PSH
00:15:46: %BGP-5-ADJCHANGE: neighbor 200.201.1.1 Up
00:15:47: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:15:47: TCP src=11004, dst=179, seq=1036704261, ack=3716649435, win=16320 ACK
00:15:47: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:15:47: TCP src=11004, dst=179, seq=1036704261, ack=3716649525, win=16230 ACK PSH
00:16:47: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:16:47: TCP src=11004, dst=179, seq=1036704280, ack=3716649525, win=16230 ACK PSH
00:16:47: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:16:47: TCP src=11004, dst=179, seq=1036704299, ack=3716649544, win=16211 ACK
TEST2#
ATM-BB#
ATM-BB#
ATM-BB#
ATM-BB#
ATM-BB#
00:15:49: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1 (FastEthernet1), len 44, rcvd 3
00:15:49: TCP src=179, dst=11004, seq=3716649370, ack=1036704197, win=16384 ACK SYN
00:15:49: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 85, rcvd 0
00:15:49: TCP src=179, dst=11004, seq=3716649371, ack=1036704242, win=16339 ACK PSH
00:15:49: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:15:49: TCP src=179, dst=11004, seq=3716649416, ack=1036704261, win=16320 ACK PSH
00:15:49: %BGP-5-ADJCHANGE: neighbor 200.201.1.2 Up
00:15:50: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 130, rcvd 0
00:15:50: TCP src=179, dst=11004, seq=3716649435, ack=1036704261, win=16320 ACK PSH
00:15:50: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 40, rcvd 0
00:15:50: TCP src=179, dst=11004, seq=3716649525, ack=1036704280, win=16301 ACK
00:16:50: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:16:50: TCP src=179, dst=11004, seq=3716649525, ack=1036704299, win=16282 ACK PSH
ATM-BB#
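Added example, not part of the original post: the rule the post applies by eye to the debug output, automated in Python. A bare SYN to port 179 names its sender as the opener, and a SYN-ACK from port 179 names its receiver as the opener. The function names are this example's own, and the sample lines are copied from the ACL test above with wrapped lines rejoined.

```python
import re

BGP_PORT = 179
IP_RE = re.compile(r"^(\S+): IP: s=([\d.]+).*? d=([\d.]+).*?(access denied|rcvd \d+)$")
TCP_RE = re.compile(r"^\S+:\s+TCP src=(\d+), dst=(\d+), .*win=\d+ ([A-Z ]+)$")

# Lines copied from the ACL test in the post, wrapped lines rejoined.
SAMPLE = """\
ATM-BB#
00:53:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 44, access denied
00:53:26: TCP src=11017, dst=179, seq=2342290847, ack=0, win=16384 SYN
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1 (FastEthernet1), len 44, rcvd 3
00:53:40: TCP src=179, dst=11018, seq=1245489616, ack=2525366980, win=16384 ACK SYN
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 85, rcvd 0
00:53:40: TCP src=179, dst=11018, seq=1245489617, ack=2525367025, win=16339 ACK PSH
00:53:40: %BGP-5-ADJCHANGE: neighbor 200.201.1.2 Up
"""

def bgp_open_attempts(log_text):
    """Return one dict per segment that shows which peer opened the BGP TCP session."""
    events, ip = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IP_RE.match(line)
        if m:
            ip = m.groups()          # remember the IP header line for the TCP line after it
            continue
        m = TCP_RE.match(line)
        if not m or ip is None:
            continue                 # prompts, %BGP messages, orphaned TCP lines
        (ts, src_ip, dst_ip, verdict), ip = ip, None
        sport, dport, flags = int(m[1]), int(m[2]), set(m[3].split())
        if "SYN" not in flags:
            continue                 # established traffic says nothing about who opened
        if "ACK" not in flags and dport == BGP_PORT:
            initiator, responder = src_ip, dst_ip   # bare SYN: the sender is the opener
        elif "ACK" in flags and sport == BGP_PORT:
            initiator, responder = dst_ip, src_ip   # SYN-ACK: the receiver sent the SYN
        else:
            continue
        events.append({"time": ts, "initiator": initiator, "responder": responder,
                       "denied": verdict == "access denied"})
    return events

def unexpected_openers(events, allowed):
    """Open attempts whose initiator is not in the allowed set of peer addresses."""
    return [e for e in events if e["initiator"] not in allowed]

if __name__ == "__main__":
    for event in bgp_open_attempts(SAMPLE):
        print(event)
```

The debug output only shows received packets, so the opener's own SYN never appears in its log; that is why the SYN-ACK case is needed.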
This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:17 GMT-3