North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)

  • From: Matthew Crocker
  • Date: Thu Apr 22 19:56:04 2004


next thing to protect is customer ebgp sessions. some providers don't even
route the p2p /30 links used between cust and their backbone (i.e. Sprint).
so that's up to you.

some backbones even filter all traffic destined to backbone prefixes at
ingress points (border routers, cust edge routers)... for example.. att
being one. for example, here comes random test:
Couldn't we use 2 /30 subnets on PtP links? 1 /30 with real IPs for ICMP, MTU, reachability etc. and one RFC1918 /30 as secondary for eBGP sessions. I know when a router originates a packet (like with BGP) it sets the source IP to the IP of the interface the packet leaves. Is BGP smart enough when setting up BGP neighbors to use an IP in the same subnet as the neighbor (the secondary interface IP)?