Currently viewing the tag: "bgp"

Cisco: 2-Bytes / 4-Bytes ASN BGP scenarios

By On September 18, 2009 · 10 Comments

In my last post I wrote some basics about the new 4-bytes AS number which is supported on new Cisco IOS images. Now I would like to give you a brief overview about different BGP peering scenarios that you can meet in the real world. Even if the configuration examples in this article are on a Cisco hardware with the latest IOS, the BGP scenarios can be applied to any other platform.

OK, let take the following topology (the high [...]

Continue Reading

4-bytes Autonomous System Number

By On September 2, 2009 · 4 Comments

Last week I received a form from APNIC with a new AS numbers. When I had a look through papers I saw there something strange: AS 123456 (I replaced the original with this number). 6 digits. First I thought that there is a mistake or something, then I recall the new 4-bytes ASN. If for IPv6 the things seems to be moving slower, than for the new format of AS numbers, it seems that the things are going faster. So faster that by January 1, [...]

Continue Reading

Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerabilities

By On August 27, 2009 · Leave a Comment

Official document on Cisco Security Advisory website

Summary

Cisco IOS XR Software contains multiple vulnerabilities in the Border Gateway Protocol (BGP) feature. These vulnerabilities include:

Cisco IOS XR Software will reset a BGP peering session when receiving a specific invalid BGP update.

The vulnerability manifests when a BGP peer announces a prefix with a specific invalid attribute. On receipt of this prefix, the Cisco IOS XR device will restart the peering session by sending a notification. The peering session will flap [...]

Continue Reading

Cisco IOS Software BGP 4-Byte AS Number Vulnerabilities

By On August 6, 2009 · Leave a Comment

Recent versions of Cisco IOS Software support RFC4893 (“BGP Support for Four-octet AS Number Space”) and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates.

These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (here after referred to as 4-byte AS number) and BGP routing configured.The device is vulnerable if it is running affected Cisco IOS version and has BGP configured, regardless of whether the device is configured with a 2 [...]

Continue Reading

Cisco: 6 best practice security tips for BGP

By On February 5, 2009 · 1 Comment

As we all know, in today’s digital communication world, there is a very big possibility that your network is or was target for a malicious activity. BGP is one of the most targeted routing protocols when we are talking about network attacks.Why? This is quite simple. BGP is your connection to the exterior world (peer networks, Internet and everything which is outside your LAN/MAN), so it is somehow normal to be the main target of the conducted attacks. If in case of the WWW, DNS, [...]

Continue Reading

Cisco: Engineer’s trick to avoid suboptimal path

By On January 16, 2009 · 9 Comments

I was explaining in the previous post what is the difference between optimal and suboptimal path and how to avoid the use of not such a good path in your routed environment. Also there I presented this so call “dirty trick” you can use to force the routing protocol to choose the path that you want, based on the Administrative distance modification.

As I said there is another way (for sure more than one) to do it, using [...]

Continue Reading

Cisco: Dirty trick to force optimal path in routed environment

By On January 15, 2009 · 3 Comments

Everywhere in the world people try to find the optimal path to achieve something.If we speak about roads, trips and in our case networking, choosing the best path to an end point can have only advantages.

I took the term optimal / suboptimal path from the routing issues that can appear in the OSPF network environment and which are called by the experts suboptimal routing. What I want to explain here, maybe you already seen it, is that in some network environment the best path [...]

Continue Reading

Cisco: BGP path selection for inbound traffic

By On December 10, 2008 · 3 Comments

In some previous post we saw how we can manipulate BGP paths using attributes for outgoing traffic. Today we will see how to use another BGP attribute, but this time for manipulating inbound traffic. First I would like to ask you to have a look into the topology file and also to check the config files (if you have a basic idea about how BGP is configured that you don’t need the config files).

From the [...]

Continue Reading

Cisco: How to improve BGP table stability with route dampening

By On December 3, 2008 · 4 Comments

One of the issues that can affect BGP table stability is link flapping. Imagine that if a link to a network is flapping very often, BGP process has to remove the route to that network from the BGP table and implicit from the routing table and then we the link is available again to re-introduce the prefix in these tables. All this means some BGP operations that consume CPU and memory of the machine.

A way to improve the BGP table stability is to use [...]

Continue Reading

Cisco: BGP path selection for outgoing traffic

By On December 1, 2008 · 2 Comments

Before going further on, please download the topology and the initial configuration files and have a close look into them (mostly into topology drawing). Also, this tutorial is addressed to people that know what is BGP and how to do a basic configuration for peering establishing.

For modifying the BGP automate selection of the best path, we have to modify some of BGP attributes from the table below:
Since today we will deal [...]

Continue Reading