
BGP, ebgp-multihop and multiple peers



On 27 aug 2008, at 7:58, Paul Wall wrote:

>> - single loopback/single IP for all peers, or;
>> - each peer with its own loopback/IP?

> You should use caution when using loopback IP addresses and building
> external multihop BGP sessions. By permitting external devices to
> transmit packets to your loopback(s), you open the door to
> spoof/denial of service attacks.

[...]

Indeed. I would use two loopbacks, one for internal stuff that is  
unreachable from the outside, another one from another range that  
allows the external sessions.

But that's more a question of ease of management than of risk, because  
if people can do something bad using one loopback address, it really  
doesn't matter much that additional ones are better protected.
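
The two-loopback layout described in this message, sketched as an added Cisco IOS-style configuration fragment that is not part of the original post. The choice of IOS syntax is an assumption, and all addresses, AS numbers, interface names and the ACL name are constructed from documentation ranges.

```cisco
! Constructed example: every address, ASN and name below is a placeholder.
!
! Loopback0: internal use only (iBGP, management), never a target for outsiders.
interface Loopback0
 description INTERNAL - iBGP and management
 ip address 192.0.2.1 255.255.255.255
!
! Loopback1: from a separate range, used only as the source of external sessions.
interface Loopback1
 description EXTERNAL - eBGP multihop sessions
 ip address 198.51.100.1 255.255.255.255
!
interface GigabitEthernet0/0
 description Link to external peer AS64511
 ip address 203.0.113.130 255.255.255.252
 ip access-group EDGE-IN in
!
! Reach the peer's loopback over the directly connected link.
! The peer needs the mirror-image route towards 198.51.100.1.
ip route 203.0.113.2 255.255.255.255 203.0.113.129
!
router bgp 64496
 neighbor 203.0.113.2 remote-as 64511
 neighbor 203.0.113.2 ebgp-multihop 2
 neighbor 203.0.113.2 update-source Loopback1
!
ip access-list extended EDGE-IN
 ! BGP from the configured peer to the external loopback, in either
 ! direction of session setup (peer-initiated or locally initiated).
 permit tcp host 203.0.113.2 host 198.51.100.1 eq bgp
 permit tcp host 203.0.113.2 eq bgp host 198.51.100.1
 ! Nothing else may be addressed to the external loopback.
 deny   ip any host 198.51.100.1
 ! The internal loopback is not reachable from the outside at all.
 deny   ip any host 192.0.2.1
 ! Transit traffic is unaffected.
 permit ip any any
```

The filter narrows what can be sent to Loopback1 but cannot make it unreachable, since the external session depends on it; source-address matches such as the peer entries above do not by themselves stop spoofed packets.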