[j-nsp] CVE-2023-4481
heasley
heas at shrubbery.net
Wed Aug 30 12:09:09 EDT 2023
Tue, Aug 29, 2023 at 03:42:41PM -0700, David Sinn via juniper-nsp:
> A network I operate is going with:
>
> bgp-error-tolerance {
> malformed-route-limit 0;
> }
>
> The thoughts being that there is no real reason to retain the malformed route and the default of 1000 is arbitrary. We haven't really seen a rash of them, so adjusting the logging hasn't proven needed yet.
It does seem arbitrary. retaining all seems like a better choice,
operationally. allowing the operator diagnose why a route is missing;
show route .... hidden.
More information about the juniper-nsp
mailing list