[j-nsp] Connection attempt from unconfigured session
Tore Anderson
tore.anderson at redpill-linpro.com
Mon May 7 03:23:50 EDT 2012
* Randy Bush
> i am getting a lot of these on my seattle internet exchange interface
>
> May 4 00:18:39 rpd[1485]: rv_listen_accept: Connection attempt from unconfigured session: ::Ffff:222.77.14.229+40604
One neat feature you can use to get rid of noise and misbehaviour from
unconfigured peers is to use a prefix-list with apply-path to allow BGP
traffic only from configured peers, like so:

tore@cr2-osl2# show policy-options prefix-list bgp-configured-peers
apply-path "protocols bgp group <*> neighbor <*>";

and then just refer to it in your lo0 input filter (followed by a
default deny of course), in my case:

tore@cr2-osl2# show firewall family inet6 filter lo0-input-v6 term allow-bgp
from {
    source-prefix-list {
        bgp-configured-peers;
    }
    next-header tcp;
    port bgp;
}
then accept;

--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com
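
Added example, not part of the original post and not Junos code: a Python sketch that emulates the apply-path expansion over a set-format configuration and reports which sources seen in "unconfigured session" log lines fall outside the resulting prefix list. The configuration, every address except the one quoted in the thread, and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample configuration in "set" format (documentation addresses).
SAMPLE_CONFIG = """\
set protocols bgp group ix-v4 neighbor 192.0.2.10 peer-as 64500
set protocols bgp group ix-v4 neighbor 192.0.2.11 peer-as 64501
set protocols bgp group ix-v6 neighbor 2001:db8::10 peer-as 64500
"""

# First line is the one quoted in the thread; the others are constructed.
SAMPLE_LOG = """\
May 4 00:18:39 rpd[1485]: rv_listen_accept: Connection attempt from unconfigured session: ::Ffff:222.77.14.229+40604
May 4 00:19:02 rpd[1485]: rv_listen_accept: Connection attempt from unconfigured session: ::ffff:192.0.2.11+51234
May 4 00:19:40 rpd[1485]: rv_listen_accept: Connection attempt from unconfigured session: 2001:db8::99+179
May 4 00:20:11 rpd[1485]: constructed unrelated message
"""

NEIGHBOR_RE = re.compile(r"^set protocols bgp group \S+ neighbor (\S+)", re.M)
LOG_RE = re.compile(r"Connection attempt from unconfigured session: (\S+)\+(\d+)\s*$", re.M)

def normalize(text):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def configured_peers(config):
    """Emulate apply-path "protocols bgp group <*> neighbor <*>"."""
    return {normalize(m) for m in NEIGHBOR_RE.findall(config)}

def classify(log, peers):
    """Count logged sources by whether the prefix list would match them."""
    admitted, dropped = Counter(), Counter()
    for src, _port in LOG_RE.findall(log):
        addr = normalize(src)
        (admitted if addr in peers else dropped)[str(addr)] += 1
    return admitted, dropped

if __name__ == "__main__":
    admitted, dropped = classify(SAMPLE_LOG, configured_peers(SAMPLE_CONFIG))
    print("not in prefix list (filter would discard):", dict(dropped))
    print("in prefix list (filter would still accept):", dict(admitted))
```

Sources reported as still accepted are addresses the prefix list matches, so the filter will not silence their log entries and they are worth a separate look.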