BGP, ebgp-multihop and multiple peers

• Previous message (by thread): BGP, ebgp-multihop and multiple peers
• Next message (by thread): BGP, ebgp-multihop and multiple peers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 27 aug 2008, at 7:58, Paul Wall wrote:

>> - single loopback/single IP for all peers, or;
>> - each peer with its own loopback/IP?

> You should use caution when using loopback IP addresses and building
> external multihop BGP sessions. By permitting external devices to
> transmit packets to your loopback(s), you open the door to
> spoof/denial of service attacks.

[...]

Indeed. I would use two loopbacks, one for internal stuff that is  
unreachable from the outside, another one from another range that  
allows the external sessions.

But that's more a question of ease of management than of risk, because  
if people can do something bad using one loopback address, it really  
doesn't matter much that additional ones are better protected.

• Previous message (by thread): BGP, ebgp-multihop and multiple peers
• Next message (by thread): BGP, ebgp-multihop and multiple peers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]