[c-nsp] Nexus Architecture question

Drew Weaver drew.weaver at thenap.com
Wed Jun 2 09:40:44 EDT 2021


Has anyone seen a document from Cisco that shows where various processes running on various Nexus switches actually run from?

For example, on a 9508 the nxapi runs in a Linux VM, and in order to secure it you have to drop into the VM and use iptables.

I am trying to figure out where the BGP process lives (for lack of a better word). Does it run on the line cards? In the control plane? Both? Does it vary depending on which model and which line cards?

The reason I am asking is because I've noticed that no matter what I do, I cannot seem to "close" the BGP port by using CoPP.

It always shows up as being open when doing a port scan against the system using Nmap. I know that the switch should not establish a connection with random hosts, but I really am getting hung up on it being 'scannable'/visible at all.



