[j-nsp] How does multihop eBGP work?

Alex alex.arseniev at gmail.com
Fri Jun 24 13:43:09 EDT 2011


If you ever need multihop eBGP again, and are still worrying about 
security/hijacking/packet modification/code injection, there is a JUNOS 
feature called "BGP IPSec protection" which establishes a transport IPSec SA 
between 2 Juniper boxes for the explicit purpose of encrypting BGP packets.
You don't need a Service PIC for this to work; it is done in the RE.
http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-routing/routing-using-ipsec-to-protect-bgp-traffic.html
Rgds
Alex

----- Original Message ----- 
From: "Mike Williams" <mike.williams at comodo.com>
To: <juniper-nsp at puck.nether.net>
Sent: Friday, June 24, 2011 6:20 PM
Subject: Re: [j-nsp] How does multihop eBGP work?


> On Friday 24 June 2011 17:49:28 Patrick Okui wrote:
>> BGP only populates your idea of the next hop towards your destination.
>> Once your packets leave your network to the intermediary autonomous
>> systems they forward the packets based on their idea of the best next hop.
>>
>> Short of some combination of tunnelling &/or encryption there's no real
>> way for you to control/verify what happened to the packets in transit.
>
> Thanks to all who replied.
>
> I was sort of hoping there would be a magical auto-encapsulation feature
> that nobody ever spoke about.
>
> We've solved our original problem in a neatly elegant way, without
> multi-hop ebgp.
>
> -- 
> Mike Williams


