Wednesday, February 3, 2016

BGP - Passive Peer Feature Explanation

BGP passive peer

Requested:
1- BGP is up between R1 and the R2/R3 pair.

2- R2 is the primary peer for R1 and R3 is the backup peer, taking over if R2 fails.

Design:
1- Configure HSRP between R2 and R3 and make sure R2 is active and R3 is standby.
2- Configure BGP between R1 and the HSRP VIP shared by R2 and R3.

Incident:
BGP establishes between R1 and R2, the HSRP active router that owns the VIP. R3, the standby, still has R1 configured as a neighbor, so it keeps trying to bring up its own session: it sends a SYN to R1 on TCP port 179, the connection is refused, and it tries again.
An intermediate firewall or IDS then sees a steady stream of SYNs from R3 to R1:179, each answered with a RST, may classify this as a SYN scan or flood, and drops R3's traffic. Result: when R3 has to take over, BGP between R1 and R3 does not come up, because the firewall is now blocking it.

Why does R3 send so many SYN packets?

R1's only configured BGP neighbor is the HSRP VIP. R3 sources its connection from its own address (1.1.1.3 in the logs below), which R1 does not know as a neighbor, so R1's TCP stack refuses the connection on port 179 and answers with a RST. R3's BGP ConnectRetry timer then expires and it tries again from a new ephemeral port. The result is an endless SYN/RST cycle, which is exactly the pattern an intrusion detection device in the path treats as a scan or an attack.

Sample of SYN logs:
R3 [sender]:
*Aug 11 14:34:16.483: TCB66DF0BA4 created
*Aug 11 14:34:16.483: TCB66DF0BA4 setting property TCP_VRFTABLEID (14) 66D27860
*Aug 11 14:34:16.483: TCB66DF0BA4 setting property TCP_MD5KEY (2) 0
*Aug 11 14:34:16.487: TCB66DF0BA4 setting property TCP_ACK_RATE (16) 66DF0928
*Aug 11 14:34:16.487: TCB66DF0BA4 setting property TCP_TOS (1) 66DF0918
*Aug 11 14:34:16.487: TCB66DF0BA4 setting property TCP_PMTU (10) 66DF08E4
*Aug 11 14:34:16.487: TCB66DF0BA4 setting property TCP_RTRANSTMO (26) 66DF0924
*Aug 11 14:34:16.491: TCP: Random local port generated 13857, network 1
*Aug 11 14:34:16.491: TCB66DF0BA4 bound to 1.1.1.3.13857
R3#
*Aug 11 14:34:16.491: TPA: Reserved port 13857 in Transport Port Agent for TCP IP type 1
*Aug 11 14:34:16.495: TCP: sending SYN, seq 3452347732, ack 0
*Aug 11 14:34:16.495: TCP0: Connection to 1.1.1.1:179, advertising MSS 1460
*Aug 11 14:34:16.499: TCP0: state was CLOSED -> SYNSENT [13857 -> 1.1.1.1(179)]
*Aug 11 14:34:16.575: TCP0: state was SYNSENT -> CLOSED [13857 -> 1.1.1.1(179)]
*Aug 11 14:34:16.579: TPA: Released port 13857 in Transport Port Agent for TCP IP type 1 delay 240000
*Aug 11 14:34:16.579: TCP0: bad seg from 1.1.1.1 -- closing connection: port 13857 seq 0 ack 3452347733 rcvnxt 0 rcvwnd 0 len 0
*Aug 11 14:34:16.579: TCP0: connection closed - remote sent RST
R1 [receiver]:
*Aug 11 14:35:26.711: TPA: Reserved port 0 in Transport Port Agent for TCP IP type 1
*Aug 11 14:35:26.711: TCP: connection attempt to port 179
*Aug 11 14:35:26.711: TCP: sending RST, seq 0, ack 398763832
*Aug 11 14:35:26.715: TCP: sent RST to 1.1.1.3:58841 from 1.1.1.1:179
*Aug 11 14:35:26.719: TCP0: state was LISTEN -> CLOSED [0 -> UNKNOWN(0)]
*Aug 11 14:35:26.719: TPA: Released port 0 in Transport Port Agent for TCP IP type 1 delay 240000
*Aug 11 14:35:26.719: TCB 0x666BEDB4 destroyed
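The two captures above carry enough to tell this churn apart from a real scan or flood, which is what a firewall rule or an analyst needs before blocking R3. As an added example (not from the original post or from Cisco), the Python below parses lines in the format that `debug ip tcp transactions` prints, from both the sender's and the listener's side. The sample lines are constructed to match the post's format with invented ports and timestamps, and the thresholds (three reset attempts, a one-second flood cutoff, destination port 179 only) are assumptions, not values from the page.

```python
"""Tell BGP ConnectRetry churn from an attack in IOS 'debug ip tcp transactions'.

Added example for this post (not code from the page or from Cisco). It parses
lines in the format shown above: on the sender each SYN goes SYNSENT -> CLOSED
followed by 'remote sent RST'; on the listener each attempt leaves a
'sent RST to A:port from B:179' line. All sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

TS = r"\*(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): "
STATE_RE = re.compile(TS + r"TCP\d*: state was (?P<old>\w+) -> (?P<new>\w+) "
                      r"\[(?P<lport>\d+) -> (?P<rip>[\d.]+)\((?P<rport>\d+)\)\]")
RST_RE = re.compile(TS + r"TCP\d*: connection closed - remote sent RST")
SENT_RST_RE = re.compile(TS + r"TCP: sent RST to (?P<rip>[\d.]+):(?P<rport>\d+) "
                         r"from (?P<lip>[\d.]+):(?P<lport>\d+)")

# Constructed: R3 (1.1.1.3) retrying R1 at 1.1.1.1:179 at a fixed interval (60 s
# here) and being reset each time, because R1 only knows the HSRP VIP as a peer.
R3_DEBUG = """\
*Aug 11 14:34:16.499: TCP0: state was CLOSED -> SYNSENT [13857 -> 1.1.1.1(179)]
*Aug 11 14:34:16.575: TCP0: state was SYNSENT -> CLOSED [13857 -> 1.1.1.1(179)]
*Aug 11 14:34:16.579: TCP0: connection closed - remote sent RST
*Aug 11 14:35:16.503: TCP0: state was CLOSED -> SYNSENT [58841 -> 1.1.1.1(179)]
*Aug 11 14:35:16.580: TCP0: state was SYNSENT -> CLOSED [58841 -> 1.1.1.1(179)]
*Aug 11 14:35:16.584: TCP0: connection closed - remote sent RST
*Aug 11 14:36:16.497: TCP0: state was CLOSED -> SYNSENT [24110 -> 1.1.1.1(179)]
*Aug 11 14:36:16.571: TCP0: state was SYNSENT -> CLOSED [24110 -> 1.1.1.1(179)]
*Aug 11 14:36:16.575: TCP0: connection closed - remote sent RST
"""
# Constructed: the same three attempts as R1 (or a firewall in the path) sees them.
R1_DEBUG = """\
*Aug 11 14:34:16.515: TCP: sent RST to 1.1.1.3:13857 from 1.1.1.1:179
*Aug 11 14:35:16.519: TCP: sent RST to 1.1.1.3:58841 from 1.1.1.1:179
*Aug 11 14:36:16.511: TCP: sent RST to 1.1.1.3:24110 from 1.1.1.1:179
"""


def parse_ts(text):
    """IOS timestamps carry no year; strptime fills in 1900, fine for deltas."""
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S.%f")


def gaps(times):
    return [round((b - a).total_seconds()) for a, b in zip(times, times[1:])]


def analyse_sender(debug_text):
    """Per remote endpoint: attempts, how many were reset or reached ESTAB,
    the local ports used and the seconds between attempts."""
    peers = defaultdict(lambda: {"attempts": 0, "reset": 0, "established": 0,
                                 "local_ports": [], "times": []})
    pending = None  # attempt the next 'remote sent RST' line belongs to
    for line in debug_text.splitlines():
        if m := STATE_RE.match(line):
            p, change = peers[(m["rip"], int(m["rport"]))], (m["old"], m["new"])
            if change == ("CLOSED", "SYNSENT"):
                p["attempts"] += 1
                p["local_ports"].append(int(m["lport"]))
                p["times"].append(parse_ts(m["ts"]))
            elif change == ("SYNSENT", "CLOSED"):
                pending = p
            elif change == ("SYNSENT", "ESTAB"):
                p["established"] += 1
        elif RST_RE.match(line) and pending is not None:
            pending["reset"] += 1
            pending = None
    for p in peers.values():
        p["gaps_s"] = gaps(p.pop("times"))
    return dict(peers)


def sender_verdict(stats):
    """A speaker whose every SYN is reset, from a fresh ephemeral port each
    time, is retrying a peer that does not know it: configuration, not attack."""
    if stats["established"]:
        return "healthy"
    if stats["attempts"] >= 3 and stats["reset"] == stats["attempts"] \
            and len(set(stats["local_ports"])) == stats["attempts"]:
        return "connect-retry churn"
    return "inconclusive"


def analyse_receiver(debug_text):
    """Per remote address: RSTs the listener sent, destination ports hit and
    seconds between them. This is the evidence a firewall or IDS judges on."""
    sources = defaultdict(lambda: {"rst_count": 0, "dst_ports": set(), "times": []})
    for line in debug_text.splitlines():
        if m := SENT_RST_RE.match(line):
            s = sources[m["rip"]]
            s["rst_count"] += 1
            s["dst_ports"].add(int(m["lport"]))
            s["times"].append(parse_ts(m["ts"]))
    for s in sources.values():
        s["gaps_s"] = gaps(s.pop("times"))
    return dict(sources)


def receiver_verdict(stats):
    """One destination port (179) hit tens of seconds apart is a ConnectRetry
    timer, not a port scan (many ports) or a SYN flood (sub-second gaps)."""
    if stats["dst_ports"] != {179}:
        return "port scan or unrelated"
    if any(g < 1 for g in stats["gaps_s"]):
        return "syn flood"
    return "bgp connect-retry from an unconfigured peer"
```

On the sender side the signature is SYNSENT going straight back to CLOSED with "remote sent RST", a fresh ephemeral port each time and a steady interval between attempts; on the listener side it is RSTs to a single source, all for destination port 179, tens of seconds apart. A port scan spreads over destination ports and a SYN flood arrives far faster, so a firewall that logs its own RSTs can recognise this pattern instead of silently dropping a backup peer.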


Solution:

Make R3 a passive peer: it only listens for R1's TCP SYN and never sends one itself, so the BGP session is always established from R1's side. While R3 is HSRP standby it stays silent, and when R1 reconnects to the VIP after a failover, R3 is the router that answers. By default an IOS BGP speaker both initiates and accepts the TCP connection; "transport connection-mode passive" restricts it to accepting. R1 must keep the default (or active) mode, because if both ends are passive the session never comes up.

Configuration (on R3):
router bgp 1
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 transport connection-mode passive