eBGP Multihop Peering Mikrotik Lab ~ JFA

See on the red line is peering between R3 and ISP1 router on different subnet called multihop. Configuration requires static routes or enabled IGP so that the neighbors can reach each other. Setting eBGP to Loopback addresses can protect BGP from DOS attacks

ISP1

/routing bgp instance

set default as=10 redistribute-connected=yes

/routing bgp network

add network=8.8.8.8/32

add network=192.168.1.0/24

/routing bgp peer

add name=toR1 remote-address=23.23.23.2 remote-as=30

add multihop=yes name=R2 remote-address=10.10.1.2 remote-as=40

[admin@ISP1] > ip route print

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,

B - blackhole, U - unreachable, P - prohibit

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADb 1.1.1.1/32 10.10.1.2 20

1 ADC 8.8.8.8/32 8.8.8.8 lo1 0

2 ADo 10.10.1.0/24 12.12.12.2 110

3 ADb 10.10.2.0/24 23.23.23.2 20

4 ADb 10.10.3.0/24 23.23.23.2 20

5 ADC 12.12.12.0/24 12.12.12.1 ether1 0

6 ADC 23.23.23.0/24 23.23.23.1 ether2 0

7 ADo 34.34.34.0/24 12.12.12.2 110

8 ADC 192.168.1.0/24 192.168.1.1 ether3 0

/routing bgp instance

set default as=40

/routing bgp network

add network=1.1.1.1/32

/routing bgp peer

add multihop=yes name=ISP1 remote-address=8.8.8.8 remote-as=10

[admin@R2] > ip route print

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,

B - blackhole, U - unreachable, P - prohibit

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 10.10.1.1 1

1 ADC 1.1.1.1/32 1.1.1.1 lo1 0

2 ADb 8.8.8.8/32 8.8.8.8 20

3 ADC 10.10.1.0/24 10.10.1.2 ether1 0

4 ADb 10.10.2.0/24 8.8.8.8 20

5 ADb 10.10.3.0/24 8.8.8.8 20

6 ADb 12.12.12.0/24 8.8.8.8 20

7 ADb 23.23.23.0/24 8.8.8.8 20

8 ADb 192.168.1.0/24 8.8.8.8 20

JFA

eBGP Multihop Peering Mikrotik Lab

Related Post

1 komentar :