> From: Saku Ytti [mailto:s...@ytti.fi]
> Sent: Tuesday, May 23, 2017 11:16 AM
>
> On 23 May 2017 at 13:06, wrote:
>
> > Router listening for all IS m-cast MAC addresses on all interfaces rather
> than solely on interfaces actually configured with ISIS seems like
> Saku Ytti [mailto:s...@ytti.fi]
> Sent: Friday, May 26, 2017 2:48 PM
>
> On 26 May 2017 at 14:44, wrote:
>
> Hey,
>
> > Regarding OSPF unless you are using virtual-links or sham-links, then
> > all messages are bound to a directly connected subnet so you can
>
On 26 May 2017 at 14:44, wrote:
Hey,
> Regarding OSPF unless you are using virtual-links or sham-links, then all
> messages are bound to a directly connected subnet so you can safely
> implement the ttl check with 254 (one hop).
This is implementation specific
.@ytti.fi <mailto:s...@ytti.fi> >
Sent: Tuesday, 23 May 2017 7:10 PM
To: adamv0...@netconsultings.com <mailto:adamv0...@netconsultings.com>
Cc: CiscoNSP List; cisco-nsp@puck.nether.net
<mailto:cisco-nsp@puck.nether.net>
Subject: Re: [c-nsp] Best practise/security design for BG
On 25 May 2017 at 14:28, CiscoNSP List wrote:
> Thanks very much Saku - Ive googled, but not found anything confirming...but
> ttl sec check under ospf, would it cause any issues with rLFA/FRR...i.e
> dynamic creation of tunnels?
No. rLFA is about having visibility
:23 PM
To: CiscoNSP List
Cc: adamv0...@netconsultings.com; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Best practise/security design for BGP and OSPF
On 25 May 2017 at 05:25, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
Hey,
> but not XE? Regarding TTL(In both OSPF and BGP)..
On 25 May 2017 at 05:25, CiscoNSP List wrote:
Hey,
> but not XE? Regarding TTL(In both OSPF and BGP)hop count can be
> arbitrary, if we encounter a link failure...do we just use worse case
In iBGP yes, in eBGP and OSPF usually no. Typical design guarantees
Tuesday, 23 May 2017 7:10 PM
To: adamv0...@netconsultings.com
Cc: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Best practise/security design for BGP and OSPF
On 23 May 2017 at 12:00, <adamv0...@netconsultings.com> wrote:
Hey,
> Regarding OSPF,
> Best security is to u
On 23 May 2017 at 13:06, wrote:
> Router listening for all IS m-cast MAC addresses on all interfaces rather
> than solely on interfaces actually configured with ISIS seems like a bug.
Not all HW support per-port punt-masks. So if you have to punt ISIS
frames on
> Saku Ytti [mailto:s...@ytti.fi]
> Sent: Tuesday, May 23, 2017 10:11 AM
>
> On 23 May 2017 at 12:00, wrote:
>
> Hey,
>
> > Regarding OSPF,
> > Best security is to use it solely for routing PE loopbacks (i.e. no
> > connectivity outside the core).
>
> But
On 23 May 2017 at 12:00, wrote:
Hey,
> Regarding OSPF,
> Best security is to use it solely for routing PE loopbacks (i.e. no
> connectivity outside the core).
But because it's IP, you might receive spooffed packet further down
the line and believe you received it
> CiscoNSP List
> Sent: Tuesday, May 23, 2017 7:45 AM
>
> Hi Everyone,
>
> Just doing a bit of a refresh of our current bgp+ospf templates to ensure
> they are inline with todays "best pracitse"
>
> (I have googled this, but majority of the exmaples are from circa 2012 or
> earlierso hoping
Hi Everyone,
Just doing a bit of a refresh of our current bgp+ospf templates to ensure they
are inline with todays "best pracitse"
(I have googled this, but majority of the exmaples are from circa 2012 or
earlierso hoping someone can provide some feebdack :)
Current BGP (We use RR's with
13 matches
Mail list logo