On Tue, 6 Aug 2019 at 18:38, Saku Ytti <[email protected]> wrote:
>
> If you are running GTSM in IOS-XR, it does not work. TTL is verified
> during 3-way-sync, not after. So anyone can reset that session with
> trivial amount of packets in subsecond.
>
> Cisco is having internal problems arguing if this is feature or
> bug. If you are relying on GTSM on IOS-XR today, and this is problem
> for you, I recommend talking to your account team or TAC to create bit
> more internal pressure to help parties inside Cisco who want to get
> this fixed.

Hi Saku,

Have you tested and verified this? If so how?

For a BGP session for example, I would expect LPTS to drop TCP packets from any remote IP address which is not explicitly configured as a peer. Because everyone has 100% deployed uRPF and IP spoofing is an issue whatsoever in the world, have you managed to find a reliable way of repeating this issue from an IP address permitted by LPTS?

Cheers,
James.
