BGP is working fine. I have a VR that’s happily peering with peers. Running EXOS 126.96.36.199 on a BD8800
The “problem” is, that this VR handles several connected VLANs, plays default gateway for those vlans/networks. Now someone on the corporate security team went to shodan.io, typed in one of the IPs of a vlan that’s on that VR (not the vlan that has BGP peers), and shodan tells them that, yes, TCP port 179 does listen and declined the connection. While I’m OK with that, “Corporate” doesn’t like the fact that it answers to BGP at all.
Now, is there a way for me to disable BGP on a per-vlan basis (which I doubt)? I know I could craft some ACL that drops all TCP port 179 packets unless they come from a valid peer, IPv4 and IPv6, but I wonder how “expensive” that is in terms of CPU/throughput, or what to best apply such an ACL to.