Building Network Automation Solutions
6 week online course starting in September 2017

EBGP load balancing with a multihop EBGP session

If someone asks you to implement load balancing on equal-bandwidth parallel links between a pair of BGP routers, your first thought should be multihop EBGP session between loopback interfaces. Although this design is ancient and excruciatingly boring, it still has a few interesting twists, for example:

Last but not least, an EBGP multihop session is vulnerable. You can use the neighbor disable-connected-check command to have a single-hop EBGP session with an IP address that is not directly connected.

Read the whole article in the CT3 wiki


  1. This comment has been removed by a blog administrator.

  2. The comment made by Blogking was a pure product advertisement with no added value.

  3. Hi Ivan,

    a recent comment made by Tony Li[1] regarding eBGP multihop (which I interpret as being averse to it) reminded me I wanted to ask you about this, but never actually did. :) I've been told (and I also remember reading somewhere) that eBGP is a Bad Thing and should be avoided, but I never found much details about why (granted, my google-fu might be low). I stumbled upon this blog post of yours, read the wiki article and found out about the TCP session hijacking issue (and how it can be mitigated). Also, because the neighbour is farther away, I'm thinking the session is (statistically) more likely to be unstable (because there are more devices/links that may experience issues) compared to when the neighbour is directly connected. Besides those, are there any other reasons why eBGP multihop is a Bad Thing?



  4. Let's try to be diplomatic: some very senior networking engineers have strong feelings about certain features (some about multihop EBGP, others about stateful firewalls), undoubtedly because they had to troubleshoot them way too often.

    Like with a number of other advanced features (and sharp knives) you can easily hurt yourself with multihop EBGP if you don't know what you're doing, but it can also be tool that can save the day (admittedly mostly fixing bad designs).


You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.