RE: Winstar says there is no TCP/BGP vulnerability

David Luyer wrote:
98 of the first 100 did not reset. Today,
I did another 12 and only one failed.

Thanks for the feedback.

If you have a fully redundant internal BGP, and are running
all 12.2S/12.3/12.2T, then you can rather safely do the
internal BGP passwords without a customer notice, expecting
no session drop but knowing if one did you'd have routes via
a second BGP reflector anyway.


Christopher L. Morrow wrote:
use a route-map to add/remove metric or localpref? or any
other settable thing on your side? or prepend or ....

Michel Py wrote:
Based on what criteria? Both the peer and the transit
announce the same prefix with the same AS-PATH length. I
agree that in many cases, favoring the route coming from
the transit provider would work,

Iljitsch van Beijnum wrote:
Huh? You don't pay for peering traffic by the megabit, so
the idea is to always prefer routes from peers.

Indeed, but we were talking about what to do with routes coming from the
peer that are not supposed to. Legit routes announced by the peer will
naturally be preferred, either because the prefix is longer than the one
received from transit, or because the AS-PATH is shorter as the prefix
is connected directly to the peer.