BGP w/ MD5 and range
Ondrej Zajicek
santiago at crfreenet.org
Wed Jan 29 15:43:53 CET 2020
On Wed, Jan 29, 2020 at 03:29:47PM +0100, Adam Kułagowski wrote:
> Hi,
>
> I've found that it is supported since 4.14:
>
> https://github.com/torvalds/linux/commit/8917a777be3ba566377be05117f71b93a5fd909d

Great, so it could be easily fixed, will check that.

> http://docs.frrouting.org/en/latest/bgp.html#clicmd-[no]bgplistenrange%3CA.B.C.D/M|X:X::X:X/M%3Epeer-groupPGNAME
>
> In FRR I hit the same issue (when using range 0.0.0.0/0) but I was able to
> resolve using:
> bgp listen range 0.0.0.0/1 peer-group quiz
> bgp listen range 128.0.0.0/1 peer-group quiz
>
> I'll try to check if the same approach works on BIRD.
>
> Best regards,
> Adam
>
> On Wed, Jan 29, 2020 at 3:17 PM Ondrej Zajicek <santiago at crfreenet.org>
> wrote:
>
> > On Tue, Jan 28, 2020 at 07:57:42PM +0100, Adam Kułagowski wrote:
> > > Hi,
> > >
> > > Is the following configuration supported?
> >
> > Hi
> >
> > Probably not. The neighbor address (in this case 0.0.0.0) is passed to
> > the kernel in the TCP_MD5SIG socket option, but I guess that passing a zero
> > address just makes it fail silently. There is also (AFAIK) no way to pass a
> > range to the kernel. So probably we should just add a configuration check
> > and reject a password together with a range.
> >
> >
> > > protocol bgp {
> > >     debug { states, routes, filters, interfaces, events, packets };
> > >     debug all;
> > >     ipv4 {
> > >         import none;
> > >         export filter export_bgp;
> > >     };
> > >     local as 65001;
> > >     neighbor range 0.0.0.0/0 as 65001 internal;
> > >     #neighbor 10.255.254.3 as 65001 internal;
> > >     password "12345678";
> > > }
> >
> > --
> > Elen sila lumenn' omentielvo
> >
> > Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
> > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> > "To err is human -- to blame it on a computer is even more so."
> >
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."