Hi,

Is it possible to bind BFD listen ports to a particular IP ?

I've tried a few different BFD protocol configs, tried specifying different neighbor options, but I always see this:

udp UNCONN 0 0 0.0.0.0:3784 0.0.0.0:* users:(("bird",pid=7219,fd=12))
udp UNCONN 0 0 0.0.0.0:4784 0.0.0.0:* users:(("bird",pid=7219,fd=13))

I would like to bind it to the IP for each p2p interface, so it's not reachable on any other IPs.

Is what I'm trying to achieve even possible ?

Thanks!

Cheers,
Just

-- Notice: This email is confidential and may contain copyright material of members of the Ocado Group. Opinions and views expressed in this message may not necessarily reflect the opinions and views of the members of the Ocado Group. If you are not the intended recipient, please notify us immediately and delete all copies of this message. Please note that it is your responsibility to scan this message for viruses. References to the "Ocado Group" are to Ocado Group plc (registered in England and Wales with number 7098618) and its subsidiary undertakings (as that expression is defined in the Companies Act 2006) from time to time. The registered office of Ocado Group plc is Buildings One & Two, Trident Place, Mosquito Way, Hatfield, Hertfordshire, AL10 9UL.
I'm guessing it's just not possible then - can any developer confirm it for me ?
Would be nice to know if I've just missed some config or not.

Thanks :)

Cheers,
Just

On Wed, 6 May 2020 at 19:15, Justin Cattle <j@ocado.com> wrote:
Hi,
Is it possible to bind BFD listen ports to a particular IP ?
I've tried a few different BFD protocol configs, tried specifying different neighbor options, but I always see this:
udp UNCONN 0 0 0.0.0.0:3784 0.0.0.0:* users:(("bird",pid=7219,fd=12))
udp UNCONN 0 0 0.0.0.0:4784 0.0.0.0:* users:(("bird",pid=7219,fd=13))
I would like to bind it to the IP for each p2p interface, so it's not reachable on any other IPs.
Is what I'm trying to achieve even possible ?
Thanks!
Cheers, Just
On Tue, May 12, 2020 at 12:04:43PM +0100, Justin Cattle wrote:
I'm guessing it's just not possible then - can any developer confirm it for me ?
Hi

Yes, it is not possible. RX socket is always opened for 0.0.0.0 / ::, you can just configure whether for IPv4 / IPv6 or both (default).

-- Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Thanks for the confirmation Ondrej

Cheers,
Just

On Tue, 12 May 2020 at 17:28, Ondrej Zajicek <santiago@crfreenet.org> wrote:
On Tue, May 12, 2020 at 12:04:43PM +0100, Justin Cattle wrote:
I'm guessing it's just not possible then - can any developer confirm it for me ?
Hi
Yes, it is not possible. RX socket is always opened for 0.0.0.0 / ::, you can just configure whether for IPv4 / IPv6 or both (default).
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Hi Justin,

On 06.05.20 20:15, Justin Cattle wrote:
Hi,
Is it possible to bind BFD listen ports to a particular IP ?
I've tried a few different BFD protocol configs, tried specifying different neighbor options, but I always see this:
udp UNCONN 0 0 0.0.0.0:3784 0.0.0.0:* users:(("bird",pid=7219,fd=12))
udp UNCONN 0 0 0.0.0.0:4784 0.0.0.0:* users:(("bird",pid=7219,fd=13))
I would like to bind it to the IP for each p2p interface, so it's not reachable on any other IPs.
Is what I'm trying to achieve even possible ?
If you are running Linux you can maybe achieve this by setting `arp_announce`, to avoid answers from different interfaces of the machine; and if I'm not mistaken the spec for BFD states that regarding security the "only" option is to filter on interface, src addr and ttl=255. (Sry but atm I'm too lazy to look it up...)

Hope this helps a little bit.

Best,
Bernd
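
The filtering mentioned in the reply above (interface, source address, TTL 255) can be enforced in the host firewall while the BFD sockets stay bound to 0.0.0.0. The following is an added example, not part of the thread and not BIRD code: it flags wildcard BFD listeners in `ss` output and generates an nftables ruleset. The link list, the table name `bfd_guard`, the IPv4-only scope and the assumption that multihop BFD (port 4784) is unused are all constructed for illustration.

```python
import ipaddress
import re

BFD_PORTS = (3784, 4784)  # the two UDP ports shown in the thread's ss output
WILDCARDS = ("0.0.0.0", "*", "[::]")

# The two ss lines quoted in the thread.
SS_SAMPLE = """\
udp UNCONN 0 0 0.0.0.0:3784 0.0.0.0:* users:(("bird",pid=7219,fd=12))
udp UNCONN 0 0 0.0.0.0:4784 0.0.0.0:* users:(("bird",pid=7219,fd=13))
"""

# Constructed p2p links (assumption): (interface, local address, peer address).
LINKS = [("eth1", "192.0.2.0", "192.0.2.1"), ("eth2", "192.0.2.2", "192.0.2.3")]


def wildcard_bfd_listeners(ss_output):
    """Return the BFD ports that ss shows bound to a wildcard address."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "udp":
            continue
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit() and int(port) in BFD_PORTS and addr in WILDCARDS:
            found.append(int(port))
    return sorted(found)


def nft_ruleset(links):
    """Accept BFD only from the expected peer, interface and TTL; drop the rest."""
    rules = []
    for ifname, local, peer in links:
        if not re.fullmatch(r"[A-Za-z0-9_.-]{1,15}", ifname):
            raise ValueError(f"unsafe interface name: {ifname!r}")
        # IPv4Address raises ValueError on malformed input.
        local, peer = ipaddress.IPv4Address(local), ipaddress.IPv4Address(peer)
        rules.append(f'    iifname "{ifname}" ip saddr {peer} ip daddr {local} '
                     "udp dport 3784 ip ttl 255 accept")
    # Assumption: multihop BFD is not in use, so 4784 is dropped outright.
    rules.append("    udp dport { 3784, 4784 } drop")
    head = ["table inet bfd_guard {", "  chain input {",
            "    type filter hook input priority 0; policy accept;"]
    return "\n".join(head + rules + ["  }", "}"])


if __name__ == "__main__":
    print("wildcard BFD listeners:", wildcard_bfd_listeners(SS_SAMPLE))
    print(nft_ruleset(LINKS))
```

The generated text can be reviewed and then loaded with `nft -f`; IPv6 sessions would need equivalent `ip6` rules.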