On Tue, Aug 26, 2008 at 7:48 PM, Steve Bertrand <steve@ibctech.ca> wrote:
> There are a few benefits to doing it this way (IMHO), but I see obvious benefits of using a single loopback interface and single IP for ALL of these multihop peers. Before I state good/bad, or get any wrong idea in my head, I'd like to ask the real experts here which way they would/do this type of thing, and why.
>
> - single loopback/single IP for all peers, or;
> - each peer with its own loopback/IP?
You should use caution when using loopback IP addresses and building external multihop BGP sessions. By permitting external devices to transmit packets to your loopback(s), you open the door to spoof/denial-of-service attacks. However, if you must establish sessions to something external, it would be best to do so from a dedicated IP address for external peering that you can poke a hole into your ACLs for and apply the appropriate rate-limiting/filtering/CoPP controls to. Ideally, if you have an allocation for loopbacks, I would hope you wouldn't allow the Internet to fling packets at them. Most frequently, loopback peering is used when aggregating multiple physical interfaces, and it is used in conjunction with static routes to load balance traffic over the interfaces.
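The policy the reply describes (keep external packets away from the loopback allocation, expose one dedicated address for external eBGP, permit TCP/179 to it only from configured peers, and rate-limit session attempts as a CoPP-style control) can be written down as a small packet-verdict model. The following is an added example, not code from the thread or from any router vendor; it models the control-plane filter in Python rather than in a router's ACL syntax, and every address, prefix, and rate in it is a constructed placeholder. Packets fed to `evaluate()` are assumed to be arriving on an external-facing interface.

```python
"""Model of a control-plane filter for external multihop BGP peering.

Added example (not from the mailing-list thread). Addresses below are
documentation/RFC 1918 placeholders chosen for illustration only.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

BGP_PORT = 179


@dataclass
class Packet:
    """Minimal view of a packet as seen by an ingress filter."""
    src: str
    dst: str
    proto: str                  # "tcp", "udp", "icmp"
    dport: Optional[int] = None
    syn: bool = False           # True for a new-session attempt (TCP SYN)


class TokenBucket:
    """CoPP-style policer: `rate` tokens/second, up to `burst` stored."""

    def __init__(self, rate: float, burst: int) -> None:
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        elapsed = max(0.0, now - self.last)
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PeeringPolicy:
    """Decides what an external-facing interface does with control-plane traffic."""

    def __init__(self, loopback_block: str, external_peer_ip: str,
                 peers, bgp_syn_rate: float = 5.0, bgp_syn_burst: int = 5) -> None:
        self.loopback_block = ip_network(loopback_block)
        self.external_peer_ip = ip_address(external_peer_ip)
        # The whole point of the dedicated address is that it is NOT a loopback
        # that the rest of the allocation shares; refuse a misconfiguration.
        if self.external_peer_ip in self.loopback_block:
            raise ValueError("external peering address must not lie in the loopback block")
        self.peers = {ip_address(p) for p in peers}
        self.syn_policer = TokenBucket(bgp_syn_rate, bgp_syn_burst)

    def evaluate(self, pkt: Packet, now: float = 0.0) -> str:
        src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        # 1. Nothing from outside may reach the loopback allocation at all.
        if dst in self.loopback_block:
            return "deny-loopback"
        # 2. The dedicated external peering address accepts only BGP,
        #    and only from explicitly configured peers (the "hole" in the ACL).
        if dst == self.external_peer_ip:
            if pkt.proto != "tcp" or pkt.dport != BGP_PORT:
                return "deny-not-bgp"
            if src not in self.peers:
                return "deny-unknown-peer"
            # 3. Police new-session attempts so a flood of SYNs from a spoofed
            #    peer address cannot starve the control plane.
            if pkt.syn and not self.syn_policer.allow(now):
                return "drop-rate-limited"
            return "permit-bgp"
        # Anything else is transit traffic for the forwarding plane, not the CPU.
        return "forward-transit"


if __name__ == "__main__":
    # Constructed sample: 10.255.0.0/24 is the loopback block, 192.0.2.10 the
    # dedicated external peering address, 198.51.100.1 the one allowed peer.
    policy = PeeringPolicy("10.255.0.0/24", "192.0.2.10", ["198.51.100.1"])
    samples = [
        Packet("198.51.100.1", "192.0.2.10", "tcp", BGP_PORT, syn=True),
        Packet("203.0.113.5", "192.0.2.10", "tcp", BGP_PORT, syn=True),
        Packet("203.0.113.5", "10.255.0.7", "tcp", BGP_PORT),
        Packet("198.51.100.1", "192.0.2.10", "udp", 53),
    ]
    for p in samples:
        print(f"{p.src} -> {p.dst} {p.proto}/{p.dport}: {policy.evaluate(p)}")
```

The three rules mirror the three sentences of the advice: the loopback block is closed outright, the dedicated address is the only place an ACL hole exists, and the policer stands in for the CoPP rate limit on whatever does get through. Because the policer only counts SYNs, an established session's keepalives and updates are never throttled by it.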