06-02-2009 06:39 AM
Question. Best practice is to configure iBGP via loopback interface. My question is, is that valid statement for scenario where two BGP peers are seperated by a firewall?
06-02-2009 07:43 AM
For iBGP peering, the FW shouldn't matter. Loopbacks can still be used.
Some FW support bgp themselves, so they can be part of iBGP.
Thanks.
06-07-2009 12:12 PM
Hello Mateuz,
iBGP allows for a TTL=255 in the BGP packets so the added hop caused by the firewall is not a problem for the iBGP session.
if the session were eBGP you would need to tune the ebgp-multihop to take care of the FW hop.
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide