[j-nsp] BGP neighbor shutdown (was Redundant SSB)

adel mezibra adel.mezibra at peoch.net
Sun May 30 06:52:12 EDT 2004


Hi,

you can simply create an 'admindown-peer' BGP group where you move the
shutdown peers and use 'set protocols bgp group admindown-peer passive' to
configure the router so that it does not send Open requests to a peer in
that group, then you can use:

apply-path "protocols bgp group admindown-peer neighbor <*>"

in a firewall statement to expand the neighbors' IP addresses and filter TCP
attempts to port 179 from all those peers.

I agree that it's more complex than a 'neighbor shutdown', but that achieves
almost the same thing, and once it's configured you just have to move the
neighbor config into that group (either with deactivate/set or delete/set).

Adel Mezibra

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On behalf of Daniel Roesen
Sent: Saturday 29 May 2004 23:42
To: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Redundant SSB

On Sat, May 29, 2004 at 11:30:03PM +0200, Jonas Frey wrote:
> Yay, Juniper do you always have to hide the important commands this
> much? ;)

Well, this is a generic command to deactivate arbitrary portions
of the config.

But beware: you won't see the neighbor anymore in "show bgp summary"
etc. Which sucks.


Regards,
Daniel (waiting for "set neighbor x.x.x.x disable")
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
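
The 'admindown-peer' setup described in the reply above, written out as Junos set commands. This is an added example, not configuration from the original post; the neighbor address 192.0.2.1, AS 64511, and the names admindown-peers, protect-re, drop-admindown-bgp and accept-rest are assumptions.

```junos
# Holding group for administratively shut peers. 'passive' stops the
# router from sending Open messages to them, but it would still accept
# an inbound session, which is why the filter below is needed.
set protocols bgp group admindown-peer type external
set protocols bgp group admindown-peer passive
set protocols bgp group admindown-peer neighbor 192.0.2.1 peer-as 64511

# Prefix list that follows the group membership automatically: apply-path
# expands <*> to every neighbor address configured in the group.
set policy-options prefix-list admindown-peers apply-path "protocols bgp group admindown-peer neighbor <*>"

# Drop inbound TCP to port 179 from those neighbors only.
set firewall family inet filter protect-re term drop-admindown-bgp from source-prefix-list admindown-peers
set firewall family inet filter protect-re term drop-admindown-bgp from protocol tcp
set firewall family inet filter protect-re term drop-admindown-bgp from destination-port 179
set firewall family inet filter protect-re term drop-admindown-bgp then discard

# Assumption: everything else is accepted here. An existing loopback
# filter would keep its own terms after the discard term instead.
set firewall family inet filter protect-re term accept-rest then accept

# Apply to the loopback so the filter covers traffic to the routing engine.
set interfaces lo0 unit 0 family inet filter input protect-re

# To check which addresses the prefix list currently expands to:
#   show configuration policy-options prefix-list admindown-peers | display inheritance
```

Because the peer stays configured under the group, it remains visible in "show bgp summary", unlike a deactivated neighbor.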
