Anycast IPs like 8.8.4.4 or 8.8.8.8, shows different countries with different Spack releases

Modified on: Fri, 6 Dec, 2024 at 4:38 PM

If an IP address is ANYCAST, then the recommendation is to not use Country based match to Block traffic, as the country of origin may get dynamically updated when newer spacks are installed.

admin@Branch-cli> request orgs org-services Snehal_Parent_Org security ip-filtering geo-location lookup ip-address 8.8.8.8
status Success
country US
state Texas-US
city San Marcos-TX-US
latitude 29.8832
longitude -97.9413
anycast true                 ####Please check if the IP is anycast True or False

Recommendation is to have a separate security access policy with a check "Destination Address Anycast" and perform required security action with no country based check in the destination match.

Please note that this feature is only supported from 22.1.4 and above Director releases. VOS yang support is starting from 22.1.1 and above.

Did you find it helpful? Yes No

Anycast IPs like 8.8.4.4 or 8.8.8.8, shows different countries with different Spack releases

Modified on: Fri, 6 Dec, 2024 at 4:38 PM

More articles in Troubleshooting (SDWAN)