BGP, ebgp-multihop and multiple peers

Iljitsch van Beijnum iljitsch at
Wed Aug 27 07:25:40 CDT 2008

On 27 aug 2008, at 14:16, Steve Bertrand wrote:

> The only reason I use loopbacks for eBGP multihop is so that if one  
> of my physical interfaces goes down taking a transit link with it,  
> these particular sessions will attempt to re-establish via another  
> path.

Actually they should stay up.

> Would someone be so kind as to point me in the direction of some  
> documentation that describes the drawbacks (regarding the mentioned  
> possibility of DoS/spoof attacks) of externally accessible loopbacks?

Apart from general vulnerabilities that are possible on services open  
to the internet and password brute forcing it's mainly a question of  
TCP RST packets on the BGP session, which an MD5 password will protect  
you from. But then an attacker can try to bring down your route  
processor CPU because the MD5 calculations use much more CPU time than  
they should. Or simply overload the input buffers.

(If someone with this level of knowledge is out to get you you're  
pretty much screwed whatever you do, though...)

> I'm drawing a blank on why this is any more risky than having a  
> peering session (multihop) on a physical interface.

It isn't.

> Would it be best if I configured the peering sessions on a physical  
> interface instead?

No, physical interfaces can go down.

The advantage of a separate loopback address is that if you ever have  
any trouble, you can simply remove that address and the trouble is  
gone, too. This wouldn't work for the loopback address you also use  
for iBGP or a physical interface.

More information about the NANOG mailing list