05-31-2007 01:26 PM - edited 03-03-2019 05:14 PM
Does BGP support passive interface?
or is the way to turn off trasmit and only recieve BGP advertisements.
thank you
05-31-2007 01:37 PM
I hope I understood your question correct. BGP doesn't support passive interface command as it doesn't use broadcast/multicast packets to form neighbor relationship and send routing updates. It uses unicast packets to peer with neighbor device(s) and send routing updates.
If you are trying to only receive routing updates but not advertise anything you still need to have a neighbor relationship but you can use prefix or distribute lists to block updates from being sent. We can provide an appropriate solution if you can just describe your topology and post the configuration of the device(s).
HTH
Sundar
05-31-2007 01:44 PM
no BGP does not have Passive interface...
but you can filter the BGP update using filter list, ASpath access-list, distribute list etc...
regards
Devang
05-31-2007 02:24 PM
thank you.
basically don't care much on what kind of updates it gives... i just want to force the OTHER device to initiate the connection, ie: send the SYN.
I want bgp to LISTEN for a neighbor , not try and connect to one itself.
thanks
05-31-2007 02:49 PM
I hope you got the point. You still need the neighbor between the devices to receive advertisements. But, if you don't want to advertise anything then do not redistribute anything into BGP or use network statements. If you are multihoming and already have BGP routes in the routing table then use filters suggested above to make sure you aren't advertising any routes.
HTH
Sundar
05-31-2007 03:09 PM
Thank you Sundar.
I was just looking from a TCP level. Where router just recieve the "SYN"
Just trying to troubleshoot from TCP level , trying understand any error codes.
05-31-2007 03:09 PM
Krishnan,
You can do this using the following command:
neighbor x.x.x.x transport connection-mode passive
For more information on this command, please refer to the following URL:
http://www/en/US/products/ps6350/products_command_reference_chapter09186a0080454cee.html#wp1113611
Hope this helps,
05-31-2007 03:20 PM
thank you Sundar.
Can you repost the URL, it does not seem to work
thank you
05-31-2007 03:24 PM
Sorry Krishnan,
There it is.
Hope this helps,
05-31-2007 03:27 PM
thank you Sundar
-Krishnan
05-31-2007 03:28 PM
Krishnan,
Harold posted the link but I don't think that command is meant for what you are trying to achieve. Anyway, here's the link for that command.
http://www.cisco.com/en/US/products/ps6566/products_command_reference_chapter09186a008079e0f6.html
If you want to receive BGP SYN packets but not send any BGP packets out then you can apply an ACL similar to this one on the interface through which the neighbor is connected.
access-list 100 deny tcp any any eq bgp
HTH
Sundar
05-31-2007 03:32 PM
Sundar,
This command is meant exactly for what Krishnan wanted to accomplish, meaning to prevent the local router from actively open the TCP session on port 179.
Hope this helps,
05-31-2007 03:38 PM
Harold,
But then based on the description of this command it appears if the device receives TCP SYN packets from the peer then it would respond with ACK packets in passive mode. Unless I misunderstood Krishnan he doesn't want any BGP packets to be sent by this device and wants to only continue receiving SYN packets from the peer for troubleshooting purposes.
HTH
Sundar
05-31-2007 03:43 PM
Sundar,
I was just responding based on the following question from Krishnan:
"basically don't care much on what kind of updates it gives... i just want to force the OTHER device to initiate the connection, ie: send the SYN.
I want bgp to LISTEN for a neighbor , not try and connect to one itself."
Regards,
05-31-2007 03:47 PM
Thank you Hritter.
I was just looking at receiving SYN packets from the peer for troubleshooting purposes.
appreciate the responses.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide