BGP passive interface

ksnarayan43 · ‎05-31-2007

Does BGP support passive interface?

or is the way to turn off trasmit and only recieve BGP advertisements.

thank you

sundar.palaniappan · ‎05-31-2007

I hope I understood your question correct. BGP doesn't support passive interface command as it doesn't use broadcast/multicast packets to form neighbor relationship and send routing updates. It uses unicast packets to peer with neighbor device(s) and send routing updates.

If you are trying to only receive routing updates but not advertise anything you still need to have a neighbor relationship but you can use prefix or distribute lists to block updates from being sent. We can provide an appropriate solution if you can just describe your topology and post the configuration of the device(s).

HTH

Sundar

devang_etcom · ‎05-31-2007

no BGP does not have Passive interface...

but you can filter the BGP update using filter list, ASpath access-list, distribute list etc...

regards

Devang

ksnarayan43 · ‎05-31-2007

thank you.

basically don't care much on what kind of updates it gives... i just want to force the OTHER device to initiate the connection, ie: send the SYN.

I want bgp to LISTEN for a neighbor , not try and connect to one itself.

thanks

sundar.palaniappan · ‎05-31-2007

I hope you got the point. You still need the neighbor between the devices to receive advertisements. But, if you don't want to advertise anything then do not redistribute anything into BGP or use network statements. If you are multihoming and already have BGP routes in the routing table then use filters suggested above to make sure you aren't advertising any routes.

HTH

Sundar

ksnarayan43 · ‎05-31-2007

Thank you Sundar.

I was just looking from a TCP level. Where router just recieve the "SYN"

Just trying to troubleshoot from TCP level , trying understand any error codes.

Harold Ritter · ‎05-31-2007

Krishnan,

You can do this using the following command:

neighbor x.x.x.x transport connection-mode passive

For more information on this command, please refer to the following URL:

http://www/en/US/products/ps6350/products_command_reference_chapter09186a0080454cee.html#wp1113611

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

ksnarayan43 · ‎05-31-2007

thank you Sundar.

Can you repost the URL, it does not seem to work

thank you

Harold Ritter · ‎05-31-2007

Sorry Krishnan,

There it is.

http://www.cisco.com/en/US/products/ps6350/products_command_reference_chapter09186a0080454cee.html#wp1113611

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

ksnarayan43 · ‎05-31-2007

thank you Sundar

-Krishnan

sundar.palaniappan · ‎05-31-2007

Krishnan,

Harold posted the link but I don't think that command is meant for what you are trying to achieve. Anyway, here's the link for that command.

http://www.cisco.com/en/US/products/ps6566/products_command_reference_chapter09186a008079e0f6.html

If you want to receive BGP SYN packets but not send any BGP packets out then you can apply an ACL similar to this one on the interface through which the neighbor is connected.

access-list 100 deny tcp any any eq bgp

HTH

Sundar

Harold Ritter · ‎05-31-2007

Sundar,

This command is meant exactly for what Krishnan wanted to accomplish, meaning to prevent the local router from actively open the TCP session on port 179.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

sundar.palaniappan · ‎05-31-2007

Harold,

But then based on the description of this command it appears if the device receives TCP SYN packets from the peer then it would respond with ACK packets in passive mode. Unless I misunderstood Krishnan he doesn't want any BGP packets to be sent by this device and wants to only continue receiving SYN packets from the peer for troubleshooting purposes.

HTH

Sundar

Harold Ritter · ‎05-31-2007

Sundar,

I was just responding based on the following question from Krishnan:

"basically don't care much on what kind of updates it gives... i just want to force the OTHER device to initiate the connection, ie: send the SYN.

I want bgp to LISTEN for a neighbor , not try and connect to one itself."

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

ksnarayan43 · ‎05-31-2007

Thank you Hritter.

I was just looking at receiving SYN packets from the peer for troubleshooting purposes.

appreciate the responses.