[c-nsp] GTSM IOS-XR

James Bensley jwbensley+cisco-nsp at gmail.com
Mon Aug 12 17:18:18 EDT 2019


On Tue, 6 Aug 2019 at 18:38, Saku Ytti <saku at ytti.fi> wrote:
>
> If you are running GTSM in IOS-XR, it does not work. TTL is verified
> during 3-way-sync, not after. So anyone can reset that session with
> trivial amount of packets in subsecond.
>
> Cisco is having internal problems arguing if this is feature or
> bug. If you are relying on GTSM on IOS-XR today, and this is problem
> for you, I recommend talking to your account team or TAC to create a bit
> more internal pressure to help parties inside Cisco who want to get
> this fixed.

Hi Saku,

Have you tested and verified this? If so, how?

For a BGP session for example, I would expect LPTS to drop TCP packets
from any remote IP address which is not explicitly configured as a
peer. Because everyone has 100% deployed uRPF and IP spoofing is an
issue whatsoever in the world, have you managed to find a reliable way
of repeating this issue from an IP address permitted by LPTS?

Cheers,
James.
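
An added illustration, not part of the original message and not Cisco code: a small Python model of the two points in this thread, a peer-address filter in front of the GTSM TTL check, with the TTL check applied either to every segment or only to handshake segments as the quoted message describes. The `Segment` record, the function names, the addresses and the sample packets are constructed for the example, and `min_ttl=255` assumes a directly connected peer as in RFC 5082.

```python
# Added example: models the filtering logic discussed in the thread.
# All packet records below are constructed, not captured traffic.
from dataclasses import dataclass

BGP_PORT = 179


@dataclass(frozen=True)
class Segment:
    src: str     # source IP address as received
    dport: int   # TCP destination port
    flags: str   # TCP flags, e.g. "S", "A", "PA", "R"
    ttl: int     # IP TTL as received


def accepted(segments, peers, min_ttl=255, every_segment=True):
    """Return the segments that pass the peer filter and the GTSM check.

    every_segment=False models the behaviour claimed in the quoted
    message: TTL is checked only on handshake segments (SYN set).
    """
    out = []
    for seg in segments:
        if seg.dport != BGP_PORT or seg.src not in peers:
            continue  # not from a configured peer: dropped before GTSM
        if (every_segment or "S" in seg.flags) and seg.ttl < min_ttl:
            continue  # GTSM drop: the packet crossed at least one hop
        out.append(seg)
    return out


def gtsm_gap(segments, peers, min_ttl=255):
    """Segments accepted with handshake-only checking but dropped
    when the TTL check is applied to every segment."""
    strict = set(accepted(segments, peers, min_ttl, True))
    return [s for s in accepted(segments, peers, min_ttl, False)
            if s not in strict]


PEERS = {"192.0.2.1"}  # constructed peer address (documentation range)
SAMPLE = [
    Segment("192.0.2.1", 179, "S", 255),     # handshake from the real peer
    Segment("192.0.2.1", 179, "A", 255),
    Segment("192.0.2.1", 179, "PA", 255),    # established-session data
    Segment("192.0.2.1", 179, "R", 57),      # peer address, TTL from far away
    Segment("192.0.2.1", 179, "S", 57),      # low-TTL SYN
    Segment("198.51.100.9", 179, "R", 255),  # not a configured peer
]
```

`gtsm_gap(SAMPLE, PEERS)` returns only the low-TTL RST carrying the peer's source address, which is the case the peer filter alone cannot distinguish from legitimate traffic.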

