Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: ebgp-multihop

  • From: Jared Mauch
  • Date: Thu Feb 27 22:37:39 2003

On Thu, Feb 27, 2003 at 07:29:29PM -0800, David Barak wrote:
> 
> Nooooo!
> 
> eBGP multihop carries with it the implicit possibility
> of session hijacking - in a normal (Multihop=1)

	Everyone uses MD5 signature/BGP password/
authentication keys, correct?

	That means this isn't an issue :)

> session, the router would not be able to find a
> duplicate neighbor with the specified IP address
> directly connected.  Obviously, once you're saying
> that the neighbor could be anywhere in the world,
> what's to prevent me assigning my home Macintosh with
> a second IP address and injecting whatever I want into
> your network?
> 
> Second, Multihop is really a kludge: eBGP is ideally
> run at the edge of a network across a point-to-point
> (or shared) medium, and there really shouldn't be
> multiple paths to eBGP neighbors.  If your link to ISP
> X goes away, do you really want to have your router
> think that ISP X is still available?  Or would you
> rather just fail-over to a backup path?
> 
> iBGP is another matter -> there you want 255, b/c you
> want the sessions to stay up even in the event of a
> backbone link flap.

	Depends on the size of the flap and router
convergence times.

	- Jared
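
An added example, not part of the original message or thread: a small audit that reads a router config and flags eBGP neighbors that combine `ebgp-multihop` with no MD5 password, the combination the exchange above turns on. It assumes Cisco IOS-style `neighbor` lines; the sample config, the function name `audit_bgp` and the severity labels are constructed for illustration.

```python
import re

# Constructed sample (IOS-style syntax, documentation address ranges and ASNs).
SAMPLE_CONFIG = """\
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 198.51.100.7 remote-as 64502
 neighbor 198.51.100.7 ebgp-multihop 255
 neighbor 203.0.113.9 remote-as 64503
 neighbor 203.0.113.9 ebgp-multihop 2
 neighbor 203.0.113.9 password 7 PLACEHOLDER
 neighbor 10.0.0.2 remote-as 64500
 neighbor 10.0.0.2 update-source Loopback0
"""

def audit_bgp(config):
    """Map each eBGP neighbor to a finding string, or to None if nothing is flagged."""
    local_as, peers = None, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"router bgp (\d+)$", line)
        if m:
            local_as = m.group(1)
            continue
        m = re.match(r"neighbor (\S+) (\S+)(?: (.*))?$", line)
        if m:
            addr, option, arg = m.groups()
            peers.setdefault(addr, {})[option] = arg or ""
    report = {}
    for addr, opts in peers.items():
        if "remote-as" not in opts or opts["remote-as"] == local_as:
            continue  # skip iBGP and entries without a remote AS (e.g. peer-group members)
        multihop = "ebgp-multihop" in opts
        authed = "password" in opts
        if multihop and not authed:
            report[addr] = "HIGH: multihop without MD5 password"
        elif multihop:
            report[addr] = "INFO: multihop, MD5 password set"
        elif not authed:
            report[addr] = "LOW: directly connected, no MD5 password"
        else:
            report[addr] = None
    return report

if __name__ == "__main__":
    for addr, finding in audit_bgp(SAMPLE_CONFIG).items():
        print(addr, finding or "ok")
```

Settings inherited through peer-groups or templates are not resolved by this sketch, so a neighbor that gets its password that way would be reported as unauthenticated.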



