From: Snow, Tim (timothy.snow@eds.com)
Date: Tue Dec 30 2003 - 04:21:44 GMT-3
BGP is all about stability and therefore neighbors need to be manually
defined. Think about if you had a router running BGP and a hacker could
bring up a BGP speaking router and corrupt your RT. Bad bad bad.
BGP also will not form a neighborship if it only has a default route,
something better than a /1 needs to be available for the open message.
Tim
#12042
-----Original Message-----
From: Nathasha Aleyevka [mailto:naleyevka@yahoo.com]
Sent: Tuesday, December 30, 2003 12:44 AM
To: ccielab@groupstudy.com
Subject: BGP in promiscous/passive mode!
Good Evening All,
I have 2 questions regarding BGP:
a) I would like to establish a BGP session between two routers, R1 in AS10
and R2 in AS20 (Central site). I can configure R1 with the neighbor 1.1.1.2
remote-as 20 command; is it possible to configure R2 in a promiscuous mode so
it will establish a session with R1/x without entering the neighbor commands
on R2?
R1                               R2
int e0                           int e0
ip address 1.1.1.1/24            ip address 1.1.1.2/24
router bgp 10
neighbor 1.1.1.2 remote-as 20
===========================================================
b) I only want R1 to be able to start a BGP session with R2, destination
port 179. By using a local policy & route-map on R2 with an outbound
access-list, applied to R2's E0, here is what I got:
IP: s=1.1.1.1 (Ethernet0), d=1.1.1.2 (Ethernet0), len 60, rcvd 3
TCP src=11009, dst=179, seq=2156087920, ack=0, win=16384 SYN
IP: s=1.1.1.1 (Ethernet0), d=1.1.1.2 (Ethernet0), len 60, rcvd 3
TCP src=11009, dst=179, seq=2156087921, ack=2260118643, win=16384 ACK
IP: s=1.1.1.1 (Ethernet0), d=1.1.1.2 (Ethernet0), len 99, rcvd 3
TCP src=11009, dst=179, seq=2156087921, ack=2260118643, win=16384 ACK PSH
IP: s=1.1.1.1 (Ethernet0), d=1.1.1.2 (Ethernet0), len 73, rcvd 3
TCP src=11009, dst=179, seq=2156087966, ack=2260118672, win=16355 ACK PSH
su BGP table version is 1, main routing table version 1
Having said that, it seems to me that the router initiating the TCP
connection in the above scenario is router R1, but the BGP session is
started by R2.
If router R1 were to initiate a BGP session, the second line should look like
IP: s=1.1.1.1 (Ethernet0), d=1.1.1.2 (Ethernet0), len 60, rcvd 3
TCP src=179, dst=11016, seq=2918566711, ack=3022616789, win=16384 ACK SYN
Therefore the configuration should be done on the router which stops
traffic going to port 179.
Am I reading this correctly? Thank you
Nathasha
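
Added example (not part of either message above): a small parser for debug lines in the format quoted in the question. It reports which host made the active TCP open to port 179 (a SYN with no ACK) and flags opens from hosts outside an allowed list. The function names, the SYN-ACK reply line and the 1.1.1.9 host are constructed for illustration.

```python
import re

# Line format follows the debug output quoted in the question.
IP_RE = re.compile(r"IP: s=(\S+) \(\S+\), d=(\S+) \(\S+\)")
TCP_RE = re.compile(r"TCP src=(\d+), dst=(\d+), seq=\d+, ack=\d+, win=\d+ ([A-Z ]+)")
BGP_PORT = 179

# Constructed sample: the first and third segments come from the question; the
# SYN-ACK reply and the 1.1.1.9 host are made up for illustration.
SAMPLE = """\
IP: s=1.1.1.1 (Ethernet0), d=1.1.1.2 (Ethernet0), len 60, rcvd 3
    TCP src=11009, dst=179, seq=2156087920, ack=0, win=16384 SYN
IP: s=1.1.1.2 (local), d=1.1.1.1 (Ethernet0), len 44, sending
    TCP src=179, dst=11009, seq=2260118642, ack=2156087921, win=16384 ACK SYN
IP: s=1.1.1.1 (Ethernet0), d=1.1.1.2 (Ethernet0), len 60, rcvd 3
    TCP src=11009, dst=179, seq=2156087921, ack=2260118643, win=16384 ACK
IP: s=1.1.1.9 (Ethernet0), d=1.1.1.2 (Ethernet0), len 60, rcvd 3
    TCP src=11020, dst=179, seq=100, ack=0, win=16384 SYN
"""

def parse_segments(text):
    """Pair each 'IP:' line with the 'TCP' line that follows it."""
    segments, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        ip = IP_RE.match(line)
        tcp = TCP_RE.match(line)
        if ip:
            pending = ip.groups()
        elif tcp and pending:
            segments.append({"src": pending[0], "dst": pending[1],
                             "sport": int(tcp.group(1)), "dport": int(tcp.group(2)),
                             "flags": set(tcp.group(3).split())})
            pending = None
    return segments

def bgp_initiators(segments):
    """(initiator, listener) for each bare SYN (no ACK) sent to TCP port 179."""
    return [(s["src"], s["dst"]) for s in segments
            if s["dport"] == BGP_PORT and s["flags"] == {"SYN"}]

def unexpected_initiators(segments, allowed):
    """Active opens to port 179 from pairs that are not explicitly allowed."""
    return [pair for pair in bgp_initiators(segments) if pair not in allowed]

if __name__ == "__main__":
    segs = parse_segments(SAMPLE)
    print("active opens:", bgp_initiators(segs))
    print("not allowed:", unexpected_initiators(segs, {("1.1.1.1", "1.1.1.2")}))
```

The SYN-ACK sourced from port 179 is the listener's reply, so it is not counted as an open; only the bare SYN identifies the side that started the TCP connection.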
This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:46 GMT-3