BGP w/ MD5 and range
Ondrej Zajicek
santiago at crfreenet.org
Wed Jan 29 15:17:57 CET 2020
On Tue, Jan 28, 2020 at 07:57:42PM +0100, Adam Kułagowski wrote:
> Hi,
>
> Is the following configuration supported ?
Hi
Probably not. The neighbor address (in this case 0.0.0.0) is passed to
kernel in TCP_MD5SIG socket option, but i guess that passing zero address
just make it to fail silently. There is also (AFAIK) no way to pass a
range to kernel. So probably we should just add configuration check and
reject password together with range.
> protocol bgp {
> debug { states, routes, filters, interfaces, events, packets };
> debug all;
> ipv4 {
> import none;
> export filter export_bgp;
> };
> local as 65001;
> neighbor range 0.0.0.0/0 as 65001 internal;
> #neighbor 10.255.254.3 as 65001 internal;
> password "12345678";
> }
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list