From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: cache route at pf state
To: Alexander Bluhm <bluhm@openbsd.org>, tech@openbsd.org
Date: Mon, 22 Jul 2024 10:28:29 +0100

On 2024/07/22 10:15, Claudio Jeker wrote:
> On Sun, Jul 21, 2024 at 11:41:21AM +0200, Alexander Bluhm wrote:
> > 
> > Of course pf states have different timeouts than ARP or ND6.  Or
> > are you more concerned about dynamic BGP routes that get referenced
> > by states?
> 
> Both. In most cases BGP routers will probably avoid states since routing
> at that level is asymmetric.

Typically I use stateful rules on BGP routers for traffic to the router
itself, and stateless for forwarded traffic. (Some people may use
"sloppy" but I ran into problems with that).

As such the BGP sessions themselves are typically on stateful rules,
and in many cases this is to a loopback IP address distributed by OSPF
running across multiple WAN links - so if an old route is cached, there
will be problems if a WAN link goes down.