From Perimeter Router Security Technical Implementation Guide Juniper
Part of Loopback address is not used as the iBGP source IP.
Using a loopback address as the source address offers a multitude of uses for security, access, management, and scalability. It is easier to construct appropriate filters for control plane traffic. Log information recorded by authentication and syslog servers will record the router’s loopback address instead of the numerous physical interface addresses.
Review the configuration and verify the loopback interface address is used as the source address for all iBGP peering. Step 1: Verify that a loopback address has been configured with an IP address. The configuration should look similar to the following: interfaces { lo0 { unit 0 { family inet { address 10.10.2.1/32; } } } Note: Only one loopback interface can be configured on Juniper routers; however, multiple addresses can be defined. Step 2: The vulnerability does not require eBGP peering to use the loopback address. Hence, the BGP router only requires that the loopback address is used to peer with its iBGP neighbors. You should find a configuration similar to the example below: protocols { bgp { group iBGP_111 { type internal; local-address 10.10.2.1; export next-hop-self; peer-as 111; neighbor 10.10.2.2; } } }
Configure the network device's loopback address as the source address for iBGP peering.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer