nanog mailing list archives
Re: BGP, ebgp-multihop and multiple peers
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Wed, 27 Aug 2008 09:48:01 +0200
On 27 aug 2008, at 7:58, Paul Wall wrote:
> - single loopback/single IP for all peers, or;
> - each peer with its own loopback/IP?
> You should use caution when using loopback IP addresses and building external multihop BGP sessions. By permitting external devices to transmit packets to your loopback(s), you open the door to spoof/denial of service attacks.
[...]
Indeed. I would use two loopbacks, one for internal stuff that is unreachable from the outside, another one from another range that allows the external sessions.
But that's more a question of ease of management than of risk, because if people can do something bad using one loopback address, it really doesn't matter much that additional ones are better protected.
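Added example, not part of the original post: a small Python check over a constructed IOS-style configuration that flags external multihop BGP neighbors sourced from the same loopback as internal sessions, which is the situation the two-loopback layout above avoids. The configuration syntax, addresses, AS numbers and function names are assumptions chosen for illustration.

```python
# Constructed IOS-style sample (assumed syntax; documentation addresses and ASNs).
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
interface Loopback1
 ip address 198.51.100.1 255.255.255.255
router bgp 64500
 neighbor 192.0.2.2 remote-as 64500
 neighbor 192.0.2.2 update-source Loopback0
 neighbor 203.0.113.10 remote-as 64501
 neighbor 203.0.113.10 ebgp-multihop 3
 neighbor 203.0.113.10 update-source Loopback1
 neighbor 203.0.113.20 remote-as 64502
 neighbor 203.0.113.20 ebgp-multihop 3
 neighbor 203.0.113.20 update-source Loopback0
"""

def parse_neighbors(config):
    """Return (local_as, {peer: {keyword: argument}}) from 'neighbor' lines."""
    local_as, peers = None, {}
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["router", "bgp"] and len(words) == 3:
            local_as = words[2]
        elif len(words) >= 3 and words[0] == "neighbor":
            # Keep each keyword with its argument (True when it takes none).
            arg = words[3] if len(words) > 3 else True
            peers.setdefault(words[1], {})[words[2]] = arg
    return local_as, peers

def shared_loopback_findings(config):
    """List external multihop peers whose source interface also carries iBGP."""
    local_as, peers = parse_neighbors(config)
    # Interfaces used as update-source by sessions inside our own AS.
    internal_sources = {p["update-source"] for p in peers.values()
                        if p.get("remote-as") == local_as and "update-source" in p}
    return sorted(peer for peer, p in peers.items()
                  if p.get("remote-as") not in (None, local_as)
                  and "ebgp-multihop" in p
                  and p.get("update-source") in internal_sources)

if __name__ == "__main__":
    for peer in shared_loopback_findings(SAMPLE_CONFIG):
        print(f"external multihop peer {peer} shares a loopback with internal sessions")
```

The check covers only the session configuration; whether the internal loopback is actually unreachable from outside depends on the edge filters, which it does not inspect.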