BGP/OSPF router security
Henrique de Moraes Holschuh
hmh at hmh.eng.br
Sun Feb 10 13:34:43 CET 2013
On Sun, 10 Feb 2013, James Howlett wrote:
> > There are some guidelines (still WIP) here:
> > https://wiki.freebsd.org/NetworkPerformanceTuning
> >
> > Btw, what amount of traffic (PPS) we are talking about?
> >
>
> 200k pps. The problem was that the router started to drop the OSPF-related communication, and all my network went off-line.
1. I suggest you read http://tools.ietf.org/html/rfc6192 for some ideas.
2. To fix the issue, you must implement QoS site-wide: you must prioritize the
control-plane traffic (i.e. OSPF, BGP, etc) from known-good sources, and
deprioritize (maybe even drop) control-plane traffic from any unknown sources
on all border routers (including access routers), as well as any traffic
that should not be in the control-plane traffic class.
Use the highest priority class for control-plane traffic.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
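
The classification policy described in point 2, modelled as an added example that is not part of the original message or of any router's configuration. The peer prefixes, class names and the `drop_unknown` switch are assumptions chosen for illustration; the protocol numbers and DSCP codepoints are the standard ones.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (assumptions, not from the original post):
# documentation prefixes standing in for the known-good routing peers.
KNOWN_PEERS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.1/32")]

OSPF_PROTO, TCP = 89, 6        # IANA IP protocol numbers
BGP_PORT = 179                 # BGP runs over TCP port 179
NETWORK_CONTROL = {48, 56}     # DSCP CS6 and CS7
DSCP_CS6, DSCP_DEFAULT = 48, 0

@dataclass
class Packet:
    src: str
    proto: int
    sport: int = 0
    dport: int = 0
    dscp: int = 0

def is_routing_protocol(p):
    """True for OSPF (IP protocol 89) or BGP (TCP, either port 179)."""
    if p.proto == OSPF_PROTO:
        return True
    return p.proto == TCP and BGP_PORT in (p.sport, p.dport)

def from_known_peer(p):
    addr = ipaddress.ip_address(p.src)
    return any(addr in net for net in KNOWN_PEERS)

def classify(p, drop_unknown=False):
    """Return (traffic_class, dscp_to_set) for a packet at a border router."""
    if is_routing_protocol(p):
        if from_known_peer(p):
            # Known-good control plane: highest priority class.
            return ("control", DSCP_CS6)
        # Control-plane protocol from an unknown source: deprioritize or drop.
        return ("drop", None) if drop_unknown else ("low", DSCP_DEFAULT)
    # Anything else must not ride in the control-plane class, so a
    # network-control marking set by the sender is reset at the border.
    return ("default", DSCP_DEFAULT if p.dscp in NETWORK_CONTROL else p.dscp)
```

The third branch is what keeps a 200k pps flood that arrives pre-marked as network control from competing with real OSPF and BGP traffic in the highest-priority queue.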