Specifying The Source Interface For Tcp Connections - HPE FlexNetwork HSR6800 Configuration Manual
Layer 3-ip routing configuration guide
Hide thumbs
Also See for FlexNetwork HSR6800:
- Security command reference (538 pages) ,
- Configuration manual (503 pages) ,
- Command reference manual (153 pages)
Table of Contents
Advertisement
Step
Configure MD5
5.
authentication for the BGP
peer group.
Enable BGP to accept
6.
connection requests from
the specified subnet and to
add dynamic peers into the
specified peer group.
Specifying the source interface for TCP connections
By default, BGP uses the output interface of the optimal route to a peer or peer group as the source
interface for establishing TCP connections to the peer or peer group, and it uses the primary IP
address of the output interface as the source IP address of TCP connections. You can change the
source interface (primary IP address) for TCP connections in the following scenarios:
•
If the peer's IP address belongs to an interface indirectly connected to the local router, you must
specify that interface as the source interface for TCP connections on the peer. For example,
interface A on the local end is directly connected to interface B on the peer. If you execute the
peer x.x.x.x as-number as-number command in which x.x.x.x is not the IP address of interface
B on the local end, you must use the peer connect-interface command on the peer to specify
the interface whose IP address is x.x.x.x as the source interface for establishing a TCP
connection.
•
On a BGP router that has multiple links to a peer, if the source interface fails, BGP has to
reestablish TCP connections. To avoid this problem, use a loopback interface as the source
interface.
•
To establish multiple BGP sessions between two routers, you must specify the source interface
for establishing TCP connections to each peer on the local router. Otherwise, the local BGP
router might fail to establish a TCP connection to a peer when using the outbound interface of
the best route to the peer as the source interface.
To specify the source interface for TCP connections:
Step
Enter system view.
1.
Command
peer group-name password
{ cipher | simple } password
listen-range ip-address
mask-length group group-name
Command
system-view
202
Remarks
By default, MD5 authentication
is not configured for the BGP
peer group.
To prevent illegal neighbors
from attacking the device,
Hewlett Packard Enterprise
recommends that you configure
BGP MD5 authentication for the
BGP peer group to which the
dynamic peers belong.
By default, no BGP dynamic
peer exists.
After BGP adds a dynamic peer
to the peer group, the peer gets
all the configuration of the peer
group, and you cannot configure
the dynamic peer.
A BGP peer cannot be both a
dynamic peer and a static peer.
After a device is configured as a
static BGP peer, the device
cannot become a dynamic peer,
and vice versa.
Remarks
N/A
Advertisement
Table of Contents
Troubleshooting
