If you ever need multihop eBGP again, and are still worrying about
security/hijacking/packet modification/code injection, there is a JUNOS
feature called "BGP IPSec protection" which establishes a transport IPSec SA
between 2 Juniper boxes for the explicit purpose of encrypting BGP packets.
You don't need a Service PIC for this to work; it is done in the RE.
http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-routing/routing-using-ipsec-to-protect-bgp-traffic.html
Rgds
Alex
----- Original Message -----
From: "Mike Williams" <mike.willi...@comodo.com>
To: <juniper-nsp@puck.nether.net>
Sent: Friday, June 24, 2011 6:20 PM
Subject: Re: [j-nsp] How does multihop eBGP work?
On Friday 24 June 2011 17:49:28 Patrick Okui wrote:
> BGP only populates your idea of the next hop towards your destination.
> Once your packets leave your network to the intermediary autonomous
> systems they forward the packets based on their idea of the best next
> hop.
> Short of some combination of tunnelling &/or encryption there's no real
> way for you to control/verify what happened to the packets in transit.
Thanks to all who replied.
I was sort of hoping there would be a magical auto-encapsulation feature
that nobody ever spoke about.
We've solved our original problem in a neatly elegant way, without
multi-hop ebgp.
--
Mike Williams
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp