BGP w/ MD5 and range

Adam Kułagowski fidor at fidor.org
Wed Jan 29 15:29:47 CET 2020


Hi,

I've found that it is supported since 4.14:

https://github.com/torvalds/linux/commit/8917a777be3ba566377be05117f71b93a5fd909d

http://docs.frrouting.org/en/latest/bgp.html#clicmd-[no]bgplistenrange%3CA.B.C.D/M|X:X::X:X/M%3Epeer-groupPGNAME

In FRR I hit the same issue (when using range 0.0.0.0/0) but I was able to
resolve it using:
bgp listen range 0.0.0.0/1 peer-group quiz
bgp listen range 128.0.0.0/1 peer-group quiz

I'll try to check if the same approach works on BIRD.

Best regards,
Adam

On Wed, Jan 29, 2020 at 3:17 PM Ondrej Zajicek <santiago at crfreenet.org>
wrote:

> On Tue, Jan 28, 2020 at 07:57:42PM +0100, Adam Kułagowski wrote:
> > Hi,
> >
> > Is the following configuration supported?
>
> Hi
>
> Probably not. The neighbor address (in this case 0.0.0.0) is passed to
> the kernel in the TCP_MD5SIG socket option, but I guess that passing a zero
> address just makes it fail silently. There is also (AFAIK) no way to pass a
> range to the kernel. So probably we should just add a configuration check and
> reject a password together with a range.
>
>
> > protocol bgp {
> >     debug { states, routes, filters, interfaces, events, packets };
> >     debug all;
> >     ipv4 {
> >         import none;
> >         export filter export_bgp;
> >     };
> >     local as 65001;
> >     neighbor range 0.0.0.0/0 as 65001 internal;
> >     #neighbor 10.255.254.3 as 65001 internal;
> >     password "12345678";
> > }
>
> --
> Elen sila lumenn' omentielvo
>
> Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> "To err is human -- to blame it on a computer is even more so."
>
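
The kernel commit linked in the message added the TCP_MD5SIG_EXT socket option, which carries a prefix length alongside the peer address. As an added example (not code from this thread, BIRD or FRR), the C below installs one key for each of the two /1 halves named in the workaround and checks every setsockopt result; the function names and the sample key are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <linux/tcp.h>   /* struct tcp_md5sig, TCP_MD5SIG_EXT, TCP_MD5SIG_FLAG_PREFIX */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: fill the option for one IPv4 prefix; 0 on success, -1 on bad input. */
int md5_prefix_opt(struct tcp_md5sig *sig, const char *net, int plen, const char *key)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };
    size_t klen = strlen(key);
    if (plen < 0 || plen > 32 || klen == 0 || klen > TCP_MD5SIG_MAXKEYLEN)
        return -1;
    if (inet_pton(AF_INET, net, &sin.sin_addr) != 1)
        return -1;
    memset(sig, 0, sizeof(*sig));
    memcpy(&sig->tcpm_addr, &sin, sizeof(sin));
    sig->tcpm_flags = TCP_MD5SIG_FLAG_PREFIX;   /* tcpm_prefixlen is honoured only with this flag */
    sig->tcpm_prefixlen = (__u8)plen;
    sig->tcpm_keylen = (__u16)klen;
    memcpy(sig->tcpm_key, key, klen);
    return 0;
}

/* Hypothetical helper: key 0.0.0.0/1 and 128.0.0.0/1 on fd; 0 only if both calls succeed. */
int md5_cover_all_ipv4(int fd, const char *key)
{
    static const char *halves[] = { "0.0.0.0", "128.0.0.0" };
    struct tcp_md5sig sig;
    for (int i = 0; i < 2; i++) {
        if (md5_prefix_opt(&sig, halves[i], 1, key) != 0)
            return -1;
        /* Report the failure instead of listening without a key. */
        if (setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG_EXT, &sig, sizeof(sig)) != 0) {
            perror("setsockopt(TCP_MD5SIG_EXT)");
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int rc = md5_cover_all_ipv4(fd, "constructed-sample-key"); /* constructed value */
    close(fd);
    return rc ? 1 : 0;
}
```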