ebgp-multihop

David Barak thegameiam at yahoo.com
Fri Feb 28 03:29:29 UTC 2003


Nooooo!

eBGP multihop carries with it the implicit possiblity
of session highjacking - in a normal (Multihop=1)
session, the router would not be able to find a
duplicate neighbor with the specified IP address
directly connected.  Obviously, once you're saying
that the neighbor could be anywhere in the world,
what's to prevent me assigning my home Macintosh with
a second IP address and injecting whatever I want into
your network?

Second, Multihop is really a kludge: eBGP is ideally
run at the edge of a network across a point-to-point
(or shared) medium, and there really shouldn't be
multiple paths to eBGP neighbors.  If your link to ISP
X goes away, do you really want to have your router
think that ISP X is still available?  Or would you
rather just fail-over to a backup path?

iBGP is another matter -> there you want 255, b/c you
want the sessions to stay up even in the event of a
backbone link flap.


--- Iljitsch van Beijnum <iljitsch at muada.com> wrote:
> 
> On Thu, 27 Feb 2003, Tim Rand wrote:
> 
> > I have searched the archives but have not found an
> answer to my question - is there any danger in using
> excessively high TTL values with ebgp-multihop?   
> For example, neighbor x.x.x.x ebgp-multihop 255   - 
> 255 is generally much higher than needed, but is
> there any risk/danger ??    Thanks in advance.   -
> Tim
> 
> If you use this for a regular BGP feed (one where
> you actually send
> traffic as per the routes received) you can get
> interesting results if
> your direct connection to the peer goes down. Your
> BGP session will
> probably survive this and simply continue to run
> over any other
> connection(s) to the net you have. You can of course
> make sure this
> doesn't happen by creative application of static
> routes with different
> administrative distances (or even a filter).
> 

=====
David Barak
-fully RFC 1925 compliant-

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/



More information about the NANOG mailing list