John,

Not to the best of my knowledge...  The way I understand it, after
you've got each router configured, they will each periodically attempt
to bring up the session.  This session is like any other normal TCP
session.

The initiator uses an arbitrary port above 1024 to originate, and
attempts to connect to the other router on well-known port 179.  All
traffic will flow across this connection.

Alan

----- Original Message -----
From: "John Abruzzese" 
To: "W. Alan Robertson"
Sent: Tuesday, July 31, 2001 3:04 AM
Subject: Re: BGP, TCP, & Firewalls [7:14286]


> Alan,
>
> When trying to connect to a peer using eBGP don't both routers have to allow
> port 179 inbound to complete the BGP synchronization process before 2 eBGP
> speakers can talk? Like the notification process etc.? Just wondering.
>
> John
>
> ----- Original Message -----
> From: "W. Alan Robertson" 
> To: 
> Sent: Monday, July 30, 2001 4:53 PM
> Subject: Re: BGP, TCP, & Firewalls [7:14286]
>
>
> > Yes, you need to allow TCP port 179 outbound...  This way, only your
> > internal BGP speaker will be allowed to initiate the connection, and
> > external probes inbound on 179 will fail (No need to let those nasty
> > hackers know that you're running BGP through the firewall, right?).
> >
> > Alan
> >
> > ----- Original Message -----
> > From: "Circusnuts"
> > To:
> > Sent: Monday, July 30, 2001 7:14 PM
> > Subject: BGP, TCP, & Firewalls [7:14286]
> >
> >
> > > I'm surveying a project I have been slated for @ work & I was wondering if
> > > the BGP gurus could help clear up a question.  If I were to run internal BGP &
> > > external BGP, am I forced to leave a TCP port open in the firewall ???
> > >
> > > I had not an answer when the customer asked me this  :-P
> > >
> > > Thanks
> > > Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14299&t=14286
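
As an added illustration (not part of the original thread), here is a small Python model of a stateful firewall applying the policy discussed above: the inside BGP speaker may open TCP connections to its peer on port 179, and there is no inbound rule. The class, the addresses (documentation ranges) and every port number other than 179 are constructed for the example.

```python
from dataclasses import dataclass

BGP_PORT = 179  # well-known BGP port, as stated in the thread

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the first packet of a TCP handshake

class StatefulFilter:
    """Toy connection-tracking filter (hypothetical, for illustration)."""

    def __init__(self, inside_speaker: str, outside_peer: str):
        self.inside = inside_speaker
        self.outside = outside_peer
        self.flows = set()  # tracked flows: (inside ip, port, outside ip, port)

    def outbound(self, p: Packet) -> bool:
        flow = (p.src, p.sport, p.dst, p.dport)
        if flow in self.flows:
            return True
        # Only rule: inside speaker -> peer, destination port 179. The source
        # port is an arbitrary high port, so the rule cannot pin it.
        if p.syn and (p.src, p.dst, p.dport) == (self.inside, self.outside, BGP_PORT):
            self.flows.add(flow)
            return True
        return False

    def inbound(self, p: Packet) -> bool:
        # No inbound rule at all: only replies to tracked flows get through.
        return (p.dst, p.dport, p.src, p.sport) in self.flows

def demo() -> dict:
    inside, peer = "192.0.2.1", "198.51.100.1"  # constructed addresses
    fw = StatefulFilter(inside, peer)
    return {
        "outside_probe": fw.inbound(Packet("203.0.113.9", 40000, inside, BGP_PORT, syn=True)),
        "peer_initiates": fw.inbound(Packet(peer, 11002, inside, BGP_PORT, syn=True)),
        "inside_initiates": fw.outbound(Packet(inside, 11001, peer, BGP_PORT, syn=True)),
        "peer_reply": fw.inbound(Packet(peer, BGP_PORT, inside, 11001)),
        "other_host_out": fw.outbound(Packet("192.0.2.50", 11003, peer, BGP_PORT, syn=True)),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:17} {'pass' if allowed else 'drop'}")
```

In this model the peer's own connection attempt is dropped along with the probe, so the session comes up only when the inside speaker's attempt goes out.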