Re: EBGP and multihops

From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
Date: Fri, 20 Aug 2010 13:30:11 -0300

Jack, inside comments:

Jack Router @ 20/8/2010 1:24 -0300 dixit:
> Hello,
>
> After labbing a bit with EBGP neighbors using loopback interfaces I have some
> observations. Perhaps someone can clarify if I am correct:
>
> R1-------------------R2
> AS 100               AS 200
> L0: 1.1.1.1          L0: 2.2.2.2
>
> The task is to establish neighborships between R1 and R2 using L0
> interfaces.
>
> I think that three methods are possible.
> The following examples show R1 configurations; R2 has the reverse configuration:
>
> Method 1:
> Router bgp 100
> neighbor 2.2.2.2 update-source Loopback0
> neighbor 2.2.2.2 ebgp-multihop (+ optional hop count, default is 255)

Old way, send with ttl greater than 1.

>
> Method 2:
> Router bgp 100
> neighbor 2.2.2.2 update-source Loopback0
> neighbor 2.2.2.2 ttl-security hops (+ mandatory hop count)

New security mode, to discard attacks that come from far away,
if the TTL is not enough.
The difference lies in the added security against DoS attacks,
because it will not reach the BGP code.

>
> Method 3:
> Router bgp 100
> neighbor 2.2.2.2 update-source Loopback0
> neighbor 2.2.2.2 disable-connected-check

Easy hack, implied by 1 or 2, just for 1 hop but originated by
a different interface than the connected one.

>
> My understanding is that all methods will play with TTL of packets sent from
> one neighbor to another thus allowing packets to reach defined neighbor. In
> that sense method 1 and 2 are identical as TTL can be defined.
> Method 3 is a bit different as it will set TTL to 255 and there is no way to
> change it.
>
> Am I right?

I would expect that method 3 does not mess with TTL at all.
But I have not tested it, would you?
-Carlos

>
> Thanks,

-- 
Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Received on Fri Aug 20 2010 - 13:30:11 ART
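
The receive-side difference between methods 1 and 2 in the message above, as an added example that is not part of the original thread or any vendor code: a simplified Python model assuming the documented IOS behavior that `ttl-security hops N` accepts only packets arriving with a TTL of at least 255 - N, while `ebgp-multihop` enforces no minimum on receive. The packets, hop counts and function names are constructed for illustration.

```python
from dataclasses import dataclass

MAX_TTL = 255  # largest value the 8-bit IP TTL field can carry


@dataclass
class Packet:
    src: str               # claimed source address (can be spoofed)
    initial_ttl: int       # TTL chosen by the real sender
    routers_crossed: int   # forwarding routers between sender and receiver

    @property
    def arrival_ttl(self) -> int:
        # Each forwarding router decrements TTL by one (simplified model).
        return self.initial_ttl - self.routers_crossed


def min_ttl_for_hops(hops: int) -> int:
    """Lowest arrival TTL accepted for 'ttl-security hops <hops>' (assumed 255 - hops)."""
    if not 1 <= hops <= 254:
        raise ValueError("hop count must be between 1 and 254")
    return MAX_TTL - hops


def accept_ttl_security(pkt: Packet, hops: int) -> bool:
    """Method 2: drop anything that has travelled further than the configured distance."""
    return pkt.arrival_ttl >= min_ttl_for_hops(hops)


def accept_multihop(pkt: Packet) -> bool:
    """Method 1: no receive-side minimum; any packet that survives the path reaches BGP."""
    return pkt.arrival_ttl > 0


# Constructed samples: the real peer next door, and a distant host spoofing its address.
PEER = Packet(src="2.2.2.2", initial_ttl=MAX_TTL, routers_crossed=0)
DISTANT_SPOOF = Packet(src="2.2.2.2", initial_ttl=MAX_TTL, routers_crossed=10)


def compare(hops: int = 2) -> dict:
    """Return the verdict of each method for both sample packets."""
    return {
        name: {"arrival_ttl": p.arrival_ttl,
               "ebgp_multihop": accept_multihop(p),
               "ttl_security": accept_ttl_security(p, hops)}
        for name, p in (("peer", PEER), ("distant_spoof", DISTANT_SPOOF))
    }


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(name, verdict)
```

Because a sender cannot set a TTL above 255, a host ten routers away cannot make its packets arrive with the high TTL the check expects, which is why the filter works even when the source address is forged.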