BGP, ebgp-multihop and multiple peers
Iljitsch van Beijnum
iljitsch at muada.com
Wed Aug 27 02:48:01 CDT 2008
On 27 aug 2008, at 7:58, Paul Wall wrote:
>> - single loopback/single IP for all peers, or;
>> - each peer with its own loopback/IP?
> You should use caution when using loopback IP addresses and building
> external multihop BGP sessions. By permitting external devices to
> transmit packets to your loopback(s), you open the door to
> spoof/denial of service attacks.
Indeed. I would use two loopbacks, one for internal stuff that is
unreachable from the outside, another one from another range that
allows the external sessions.
But that's more a question of ease of management than of risk, because
if people can do something bad using one loopback address, it really
doesn't matter much that additional ones are better protected.
More information about the NANOG