BGP, ebgp-multihop and multiple peers
Iljitsch van Beijnum
iljitsch at muada.com
Wed Aug 27 07:25:40 CDT 2008
On 27 aug 2008, at 14:16, Steve Bertrand wrote:
> The only reason I use loopbacks for eBGP multihop is so that if one
> of my physical interfaces goes down taking a transit link with it,
> these particular sessions will attempt to re-establish via another
Actually they should stay up.
> Would someone be so kind as to point me in the direction of some
> documentation that describes the drawbacks (regarding the mentioned
> possibility of DoS/spoof attacks) of externally accessible loopbacks?
Apart from general vulnerabilities that are possible on services open
to the internet and password brute forcing, it's mainly a question of
TCP RST packets on the BGP session, which an MD5 password will protect
you from. But then an attacker can try to bring down your route
processor CPU, because the MD5 calculations use much more CPU time than
they should. Or simply overload the input buffers.
(If someone with this level of knowledge is out to get you, you're
pretty much screwed whatever you do, though...)
> I'm drawing a blank on why this is any more risky than having a
> peering session (multihop) on a physical interface.
> Would it be best if I configured the peering sessions on a physical
> interface instead?
No, physical interfaces can go down.
The advantage of a separate loopback address is that if you ever have
any trouble, you can simply remove that address and the trouble is
gone, too. This wouldn't work for the loopback address you also use
for iBGP or a physical interface.
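The MD5 password mentioned above is the RFC 2385 TCP MD5 signature option (option kind 19): the digest covers the IP pseudo-header, the fixed TCP header with the checksum zeroed, the payload and the shared key, so a RST that arrives without a valid digest is discarded. The following Python is an added illustration, not code from this thread or from any router vendor; the addresses, ports, key and BGP KEEPALIVE payload are constructed, and the TCP checksum is left at zero because the signature excludes it anyway.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
MD5SIG_KIND = 19   # TCP option kind for the RFC 2385 signature
MD5SIG_LEN = 18    # kind(1) + len(1) + 16-byte MD5 digest


def tcp_md5_digest(src_ip, dst_ip, header, payload, key):
    # RFC 2385 digest: pseudo-header, fixed 20-byte TCP header with the
    # checksum treated as zero (options excluded), payload, then the key.
    seg_len = (header[12] >> 4) * 4 + len(payload)   # header incl. options + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    fixed = header[:16] + b"\x00\x00" + header[18:20]
    return hashlib.md5(pseudo + fixed + payload + key).digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key=None):
    # Sender side. With a key the option block is 2 NOPs + 18-byte option = 20 bytes.
    offset = 10 if key else 5          # header length in 32-bit words
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         offset << 4, flags, 65535, 0, 0)
    if key is None:
        return header + payload
    digest = tcp_md5_digest(src_ip, dst_ip, header, payload, key)
    return header + b"\x01\x01" + bytes([MD5SIG_KIND, MD5SIG_LEN]) + digest + payload


def verify_segment(src_ip, dst_ip, segment, key):
    # Receiver side: accept only when a kind-19 option is present and its
    # digest matches; an unsigned or mis-keyed segment is therefore dropped.
    header = segment[:20]
    offset = (header[12] >> 4) * 4
    options, payload = segment[20:offset], segment[offset:]
    received, i = None, 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                  # end of option list
            break
        if kind == 1:                  # NOP padding
            i += 1
            continue
        length = options[i + 1]
        if kind == MD5SIG_KIND and length == MD5SIG_LEN:
            received = options[i + 2:i + MD5SIG_LEN]
        i += max(length, 2)
    if received is None:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, header, payload, key)
    return hmac.compare_digest(received, expected)
```

Real stacks do this check in the kernel before the segment reaches the BGP process, which is also why every unsolicited segment carrying the option costs the receiver one digest computation, the CPU-load point raised above.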