A network I operate is going with:
    bgp-error-tolerance {
        malformed-route-limit 0;
    }
The thought being that there is no real reason to retain the malformed route
and the default of 1000 is arbitrary. We haven't really seen a rash of them, so
adjusting the logging hasn't proven needed yet.
I don't have anything running 14.x to test, but per the documentation the above
should be supported from 13.2.
David
> On Aug 29, 2023, at 2:06 PM, Randy Bush via juniper-nsp
> <[email protected]> wrote:
>
> do we have a recommended `bgp-error-tolerance {}` config to deal with
> CVE-2023-4481?
>
> and what does one do on antique hardware with, e.g., junos 14?
>
> randy
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp