nanog mailing list archives

Re: BGP, ebgp-multihop and multiple peers


From: "Paul Wall" <pauldotwall () gmail com>
Date: Wed, 27 Aug 2008 01:58:40 -0400

On Tue, Aug 26, 2008 at 7:48 PM, Steve Bertrand <steve () ibctech ca> wrote:
> There are a few benefits to doing it this way (IMHO), but I see obvious
> benefits of using a single loopback interface and single IP for ALL of these
> multihop peers. Before I state good/bad, or get any wrong idea in my head,
> I'd like to ask the real experts here which way they would/do this type of
> thing, and why.
>
> - single loopback/single IP for all peers, or;
> - each peer with its own loopback/IP?

You should use caution when using loopback IP addresses and building
external multihop BGP sessions. By permitting external devices to
transmit packets to your loopback(s), you open the door to
spoof/denial of service attacks. However, if you must establish
sessions to something external, it would be best to do so from a
dedicated IP address for external peering that you can poke a hole
into your ACLs and apply the appropriate rate-limiting/filtering/CoPP
controls. Ideally, if you have an allocation for loopbacks, I would
hope you wouldn't allow the Internet to fling packets at them.

Most frequently loopback peering is used when aggregating multiple
physical interfaces and is used in conjunction with static routes to
load balance traffic over the interfaces.
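
Added example (not part of the original message): a small first-match ACL model that checks the design described in the reply above, where only configured eBGP peers may reach TCP/179 on a dedicated peering address and nothing external reaches the loopback allocation. All addresses, the rule format and the function names are constructed for illustration; rate limiting and CoPP are not modeled.

```python
import ipaddress

# Constructed sample values from documentation ranges; none come from the thread.
PEERING_ADDR = "198.51.100.1"          # dedicated IP used only for external eBGP sessions
LOOPBACK_BLOCK = "192.0.2.0/24"        # internal loopback allocation
EBGP_PEERS = ["203.0.113.10", "203.0.113.20"]
OUTSIDER = "203.0.113.99"              # any source that is not a configured peer
BGP_PORT = 179

# Edge ingress ACL, first match wins: (action, source, destination, dst port or None = any).
GOOD_ACL = [
    ("permit", "203.0.113.10/32", "198.51.100.1/32", BGP_PORT),
    ("permit", "203.0.113.20/32", "198.51.100.1/32", BGP_PORT),
    ("deny",   "0.0.0.0/0",       "198.51.100.1/32", None),
    ("deny",   "0.0.0.0/0",       LOOPBACK_BLOCK,    None),
    ("permit", "0.0.0.0/0",       "0.0.0.0/0",       None),   # transit traffic
]
# Weak variant: sessions terminate on a loopback and the hole is open to any source.
WEAK_ACL = [
    ("permit", "0.0.0.0/0", LOOPBACK_BLOCK, BGP_PORT),
    ("permit", "0.0.0.0/0", "0.0.0.0/0",    None),
]

def evaluate(acl, src, dst, dport):
    """Return the action of the first matching rule (implicit deny at the end)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net, port in acl:
        if (src in ipaddress.ip_network(s_net) and dst in ipaddress.ip_network(d_net)
                and port in (None, dport)):
            return action
    return "deny"

def audit(acl):
    """List every way the ACL departs from the dedicated-peering-address design."""
    findings = []
    for peer in EBGP_PEERS:
        if evaluate(acl, peer, PEERING_ADDR, BGP_PORT) != "permit":
            findings.append(f"peer {peer} cannot reach {PEERING_ADDR}:{BGP_PORT}")
    for port in (BGP_PORT, 22):
        if evaluate(acl, OUTSIDER, PEERING_ADDR, port) == "permit":
            findings.append(f"non-peer can reach {PEERING_ADDR}:{port}")
    loopbacks = [str(h) for h in ipaddress.ip_network(LOOPBACK_BLOCK).hosts()]
    for src in [OUTSIDER, *EBGP_PEERS]:
        for dst in (loopbacks[0], loopbacks[-1]):
            if evaluate(acl, src, dst, BGP_PORT) == "permit":
                findings.append(f"{src} can reach loopback {dst}:{BGP_PORT}")
    return findings
```

A source-address ACL only narrows who can send to the peering address; it does not authenticate the sender, which is why the reply pairs it with rate-limiting and CoPP.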

