BGP
The following table lists the auto rules that are used to mitigate BGP attacks on your advanced appliance when BGP is enabled. For information about the parameters, see Overview of Packet Flow.
Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments |
---|---|---|---|---|---|---|
130700100 | Auto | DROP BGP header length shorter than spec | When BGP is enabled, this rule drops TCP BGP packets that contain a message header length that is shorter than the RFC specification. | This rule is enabled when BGP service on this member is configured. | Events per second (default=1) | |
130700200 | Auto | DROP BGP header length longer than spec | When BGP is enabled, this rule drops TCP BGP packets that contain a message header length that is longer than the RFC specification. | This rule is enabled when BGP service on this member is configured. | Events per second (default=1) | |
130700300 | Auto | DROP BGP spoofed connection reset attempts | When BGP is enabled, this rule drops TCP BGP packets that contain a spoofed connection reset. | This rule is enabled when BGP service on this member is configured. | Events per second (default=1) | |
130700400 | Auto | DROP BGP invalid type 0 | When BGP is enabled, this rule drops TCP BGP packets that contain the invalid message type 0. | This rule is enabled when BGP service on this member is configured. | Events per second (default=1) | |
130700500 | Auto | DROP BGP invalid type bigger than 5 | When BGP is enabled, this rule drops TCP BGP packets that contain an invalid message type greater than 5. | This rule is enabled when BGP service on this member is configured. | Events per second (default=1) | |
130700550 | Auto | RATELIMIT PASS BGP IPv4 peer TCP connection attempts | This rule passes TCP BGP route advertisement connection attempts from IPv4 peers when BGP is enabled and the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | This rule is enabled when BGP service on this member is configured with IPv4 peers. | Packets per second (default=10); Drop Interval (default=60 sec); Rate algorithm (default = rate limiting); Events per second (default=1) | |
130700600 | Auto | RATELIMIT PASS BGP allowed with IPv4 peer | This rule passes TCP BGP route advertisement to IPv4 peers when BGP is enabled and the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | This rule is enabled when BGP service on this member is configured with IPv4 peers. | Packets per second (default=10); Drop Interval (default=60 sec); Rate algorithm (default = rate limiting); Events per second (default=1) | |
130700650 | Auto | RATELIMIT PASS BGP IPv6 peer TCP connection attempts | This rule passes TCP BGP route advertisement connection attempts from IPv6 peers when BGP is enabled and the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | This rule is enabled when BGP service on this member is configured with IPv6 peers. | Packets per second (default=10); Drop Interval (default=60 sec); Rate algorithm (default = rate limiting); Events per second (default=1) | |
130700700 | Auto | RATELIMIT PASS BGP allowed with IPv6 peer | This rule passes TCP BGP route advertisement to IPv6 peers when BGP is enabled and the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | This rule is enabled when BGP service on this member is configured with IPv6 peers. | Packets per second (default=10); Drop Interval (default=60 sec); Rate algorithm (default = rate limiting); Events per second (default=1) | |
130800100 | Auto | DROP BGP unexpected | When BGP is enabled, this rule drops unexpected TCP BGP packets. | This rule takes effect when BGP service on this member is NOT configured. | Events per second (default=1) | This rule is exclusive with other rules based on whether BGP is configured on the member or not. |
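
The header-length and message-type rules in the table (130700100, 130700200, 130700400, 130700500) come down to checks on the fixed 19-byte BGP header from RFC 4271: a 16-byte marker, a 2-byte length and a 1-byte type. The following Python is an added example, not the appliance's implementation; it assumes the RFC 4271 length bounds of 19 and 4096 bytes, and the function names, the order of the checks and the sample headers are constructed for illustration.

```python
import struct

# RFC 4271 fixed header: 16-byte marker, 2-byte length, 1-byte type.
HEADER_LEN = 19      # smallest legal value of the length field
MAX_MSG_LEN = 4096   # largest legal value (assumption: no extended messages)

# Rule IDs and names as listed in the table above.
RULES = {
    130700100: "DROP BGP header length shorter than spec",
    130700200: "DROP BGP header length longer than spec",
    130700400: "DROP BGP invalid type 0",
    130700500: "DROP BGP invalid type bigger than 5",
}

def make_header(length, msg_type):
    """Build a constructed 19-byte BGP header (all-ones marker) for testing."""
    return b"\xff" * 16 + struct.pack("!HB", length, msg_type)

def classify(payload):
    """Return (verdict, rule_id) for the BGP header at the start of payload."""
    if len(payload) < HEADER_LEN:
        # Not enough bytes to read the header fields yet (TCP segmentation).
        return ("INCOMPLETE", None)
    _marker, length, msg_type = struct.unpack("!16sHB", payload[:HEADER_LEN])
    # Check order is an assumption; the page does not state rule precedence.
    if length < HEADER_LEN:
        return ("DROP", 130700100)
    if length > MAX_MSG_LEN:
        return ("DROP", 130700200)
    if msg_type == 0:
        return ("DROP", 130700400)
    if msg_type > 5:
        return ("DROP", 130700500)
    return ("PASS", None)

if __name__ == "__main__":
    # Constructed samples: (length field, type field).
    for length, msg_type in [(19, 4), (18, 4), (4097, 2), (19, 0), (19, 6)]:
        verdict, rule = classify(make_header(length, msg_type))
        print(length, msg_type, verdict, rule, RULES.get(rule, ""))
```
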