On Thu, 2 Oct 2014, Paul Wozney wrote:

Okay so I've got two BGP routers here, accepting partial routes - one
carrier to each router. Each carrier advertises a default route. I use an
as-path filter to limit learned routes to those of the carrier +1 ASn:

ip as-path access-list 11 permit ^NNNN_[0-9]*$

Why are you doing this? Unless you have hardware that can't handle full tables, there really isn't a need to do this and it can limit your options for avoiding an outage.

One carrier has now had two outages in the last year where they've lost
their upstream. They continue to advertise a default route to us, so our
network experiences failures until we kill the link.

Do the more specific routes this provider normally advertises to you disappear (just leaving you with a default route from them) when this happens? If no, then you need to yell at this provider for implementing a bad design.

It strikes me that if we had FULL routes (and no default route accepted) we
could react automatically to failures like this - we could share tables
between the routers and if one carrier lost half their routes we'd pick
them up from the other router.

Are you running IBGP between your two edge routers?

Is this just how life with partial routes is? Or is there something else I
can do?

If your provider is sending you routes that they don't actually have reachability to - you're going to see traffic get black-holed. Whether you get full routes, a partial feed, or just default doesn't matter (much). If your provider sends you a route, you are trusting that your provider has reachability to that destination, or they can pass your traffic to another provider who does, or will at least get you one AS closer to your destination. BGP, as presently deployed, has no easy way for you to determine which routes suddenly become invalid, and withdraw them in the situation you described above.

Getting full routes allows you to make more fine-grained routing decisions on how your outbound traffic flows; however, whether your routers can handle multiple full BGP feeds (IPv4 is over 512k routes today, and IPv6 is closing in on 20k) depends greatly on your hardware.

jms
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
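
What the as-path filter quoted in the message permits, as an added example that is not part of the original thread: it evaluates `^NNNN_[0-9]*$` against constructed AS paths and shows that the carrier's default route always passes it. The ASN 64500 (standing in for NNNN), the prefixes and the helper names are assumptions made for illustration.

```python
import re

# In Cisco IOS AS-path regexes "_" matches a delimiter: start or end of
# the string, a space, a comma, a brace or a parenthesis.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def cisco_to_python(pattern: str) -> str:
    """Translate the IOS regex subset used here (only '_') to Python syntax."""
    return pattern.replace("_", CISCO_UNDERSCORE)


def permitted(as_path: str, pattern: str) -> bool:
    """True if a space-separated AS path matches the as-path filter."""
    return re.search(cisco_to_python(pattern), as_path) is not None


CARRIER_ASN = "64500"  # constructed: documentation ASN standing in for NNNN
FILTER = f"^{CARRIER_ASN}_[0-9]*$"

# Constructed sample of routes received from the carrier: (prefix, AS path).
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "64500"),                   # default originated by the carrier
    ("192.0.2.0/24", "64500"),                # carrier's own prefix
    ("192.0.2.0/25", "64500 64500"),          # carrier prefix, prepended once
    ("198.51.100.0/24", "64500 64501"),       # carrier's direct customer
    ("198.51.100.0/25", "64500 64501 64501"), # customer that prepends
    ("203.0.113.0/24", "64500 64501 64502"),  # two ASes beyond the carrier
    ("203.0.113.0/25", "645001 64501"),       # different AS sharing leading digits
]


def evaluate(routes=SAMPLE_ROUTES, pattern=FILTER):
    """Return [(prefix, as_path, permitted)] for each received route."""
    return [(pfx, path, permitted(path, pattern)) for pfx, path in routes]


if __name__ == "__main__":
    for pfx, path, ok in evaluate():
        print(f"{'permit' if ok else 'deny  '}  {pfx:<18} {path}")
```

The default route carries only the carrier's own AS in its path, so it is accepted whether or not the carrier still has an upstream, and a direct customer that prepends its own AS is dropped by the same filter.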
