Hi Justin,

On 06.05.20 20:15, Justin Cattle wrote:
Hi,
Is it possible to bind BFD listen ports to a particular IP?
I've tried a few different BFD protocol configs, tried specifying different neighbor options, but I always see this:
udp UNCONN 0 0 0.0.0.0:3784 0.0.0.0:* users:(("bird",pid=7219,fd=12))
udp UNCONN 0 0 0.0.0.0:4784 0.0.0.0:* users:(("bird",pid=7219,fd=13))
I would like to bind it to the IP for each p2p interface, so it's not reachable on any other IPs.
Is what I'm trying to achieve even possible?
If you are running Linux you can maybe achieve this by setting `arp_announce`, to avoid answers from different interfaces of the machine; and if I'm not mistaken the spec for BFD states that regarding security the "only" option is to filter on interface, src addr and ttl=255. (Sry but atm I'm too lazy to look it up...)

Hope this helps a little bit.

Best,
Bernd
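
The filtering mentioned in the reply above (interface, source address and TTL 255), written as an nftables ruleset for the two listen ports shown in the `ss` output. This is an added example, not part of the original thread; the interface names and the 192.0.2.x addresses are placeholders, and it assumes only single-hop BFD on point-to-point links is in use.

```nft
# Added example: restrict BFD to known peers on the p2p interfaces.
# Load with: nft -f bfd-filter.nft
# Assumptions (not from the thread): eth1/eth2 are the p2p interfaces,
# 192.0.2.0/31 and 192.0.2.2/31 are the link subnets.

table inet bfd_filter {
    chain input {
        # policy accept: this table only decides about BFD traffic
        type filter hook input priority 0; policy accept;

        # Link A: local 192.0.2.0, peer 192.0.2.1 on eth1.
        # Single-hop BFD control packets arrive on UDP 3784 with TTL 255;
        # a packet that crossed a router has a lower TTL and does not match.
        iifname "eth1" ip saddr 192.0.2.1 ip daddr 192.0.2.0 \
            udp dport 3784 ip ttl 255 accept

        # Link B: local 192.0.2.2, peer 192.0.2.3 on eth2.
        iifname "eth2" ip saddr 192.0.2.3 ip daddr 192.0.2.2 \
            udp dport 3784 ip ttl 255 accept

        # Everything else aimed at the BFD sockets is dropped, including
        # all of 4784 (multihop), which this setup assumes is unused.
        # The counter shows how much stray traffic reaches the ports.
        udp dport { 3784, 4784 } counter drop
    }
}
```

The sockets stay bound to 0.0.0.0 as in the `ss` output; the ruleset only limits which packets can reach them.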