RE: BGP Security

From: Scott M Vermillion (scott_ccie_list@it-ag.com)
Date: Tue Oct 28 2008 - 13:42:04 ARST


Hi Shaughn,

Welcome! And best of luck to you in Dec.

BGP already implements an ACL-like functionality, in that the peers must
establish the TCP socket from and to the IPs identified in the BGP config.
And the BGP client must open port 179 on the server. Lastly, the to/from AS
config must match up on both ends of the eBGP session. So the ACL would
only be redundant, IMHO (for security purposes, anyway). Consider running
some IP packet and BGP debug and then intentionally breaking various aspects of
the config so that you know what some of the more common problems look like.

Cheers,

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Shaughn Smith
Sent: Tuesday, October 28, 2008 5:25 AM
To: ccielab@groupstudy.com
Subject: Re: BGP Security

Hi all

I am new to the list and will be doing my SP lab on the 5th of December.
Can you help me with the following question I got off one of my practice
labs?

If you were asked to secure an InterAS BGP session with the most secure
method possible, would you use the neighbor x.x.x.x password x x x x x
command or use an ACL on the two interfaces only allowing that BGP peer to
establish a session on TCP port 179, or use both options?
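
What each of the two mechanisms in the question checks on an incoming segment, as an added example that is not part of the original thread. It assumes the neighbor password command enables the TCP MD5 signature option (RFC 2385); the addresses, key, option layout and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

PEER, LOCAL, OTHER = "192.0.2.1", "192.0.2.2", "198.51.100.9"  # constructed addresses
KEY = b"constructed-shared-secret"  # stands in for the neighbor password

def acl_permits(src, dst, sport, dport):
    """Interface ACL from the question: only the peer, only TCP port 179."""
    return src == PEER and dst == LOCAL and 179 in (sport, dport)

def base_header(sport, dport, seq, flags):
    """20-byte TCP header; data offset 10 words = 20 base + 18 option + 2 pad."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 10 << 4, flags, 16384, 0, 0)

def md5_digest(src, dst, header, payload, key):
    """RFC 2385 order: pseudo-header, base header with checksum zeroed
    (options excluded), segment data, then the key."""
    base = bytearray(header[:20])
    base[16:18] = b"\x00\x00"
    seg_len = (base[12] >> 4) * 4 + len(payload)
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!BBH", 0, socket.IPPROTO_TCP, seg_len)
    return hashlib.md5(pseudo + bytes(base) + payload + key).digest()

def sign(src, dst, header, payload, key):
    """Append option kind 19, length 18, the digest, and two bytes of padding."""
    return header + bytes([19, 18]) + md5_digest(src, dst, header, payload, key) + b"\x00\x00"

def md5_accepts(src, dst, segment_header, payload, key):
    """Receiver side: recompute the digest and compare in constant time."""
    if len(segment_header) < 38 or segment_header[20:22] != bytes([19, 18]):
        return False  # unsigned segment on a password-protected session is dropped
    expected = md5_digest(src, dst, segment_header, payload, key)
    return hmac.compare_digest(segment_header[22:38], expected)

def evaluate():
    """(acl_permits, md5_accepts) for three constructed SYN segments sent to LOCAL."""
    cases = {"peer": (PEER, KEY), "peer_address_wrong_key": (PEER, b"guess"),
             "other_host": (OTHER, KEY)}
    hdr = base_header(40000, 179, 1000, 0x02)
    return {name: (acl_permits(src, LOCAL, 40000, 179),
                   md5_accepts(src, LOCAL, sign(src, LOCAL, hdr, b"", k), b"", KEY))
            for name, (src, k) in cases.items()}
```

The ACL decision depends only on addresses and ports, while the signature decision depends only on knowledge of the shared key, so the two checks fail on different segments.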




This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:23 ARST