Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Examples of implementing restrictive filters limiting access to BGP (TCP 179)

Posted on 2004-04-27
1
189 Views
Last Modified: 2010-08-05
Can anyone give me some examples of implementing  restrictive filters or access-list limiting access to BGP (TCP 179) to only the necessary peers.

example configs:

router bgp 70000
network 206.25.32.0 mask 255.255.255.248
neighbor 200.4.3.98
0
Comment
Question by:ritru
1 Comment
 
LVL 11

Accepted Solution

by:
PennGwyn earned 125 total points
ID: 10933189
Like

access-list 101 permit tcp host 200.4.3.98 any eq 179
access-list 101 deny tcp any any eq 179
access-list 101 permit ip any any

interface Serial0/0
access-group 101 in

But that's cumbersome, and you may already be using an access-list on that interface.  And it won't protect you from somebody spoofing your neighbor's address as the source.

A simpler approach is to encrypt the link:

neighbor 200.4.3.98 password "oursharedsecret"

which will allow BGP packets only if they come from somebody who has the same secret configured on their neighbor statement pointing at you.

(This is the recommended fix for the issue that Cisco and others raised last week....)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question