iBGP next hop and multi-access media
Background: Router A and B are connected via a common ethernet segment 1. Router A uses 10.10.10.1/30, and Router B uses 10.10.10.2/30. Router B also has another subnet configured for ethernet segment 1; 172.16.16.0/24.

When I set up a situation like the above, with Router B advertising the 172.16.16.0/24 to router A, router A sees a next hop of 10.10.10.2. This is not good since packets from A going to the 172.16.16 subnet get sent to Router B, which then ARPs the destination, instead of just being ARPed by router A.

I don't want to turn on ICMP redirects on B since they're insecure and ugly. I've also made sure I'm not using next-hop self. Is there a way to make this work?

Ralph Doncaster
principal, IStop.com
Re: iBGP next hop and multi-access media
I've already had several direct replies saying to manually configure the 172.16 subnet on router A. Sure, that will work, but I'm looking for a solution that doesn't require manual configuration of all the routers involved.

Ralph Doncaster
principal, IStop.com
Re: iBGP next hop and multi-access media
> I've already had several direct replies saying to manually configure the 172.16 subnet on router A. Sure, that will work, but I'm looking for a solution that doesn't require manual configuration of all the routers involved.

Put another physical ethernet interface in router B and move 172.16.16.0/24 to the new interface. This will get you over the psychological hurdle you are facing.

-mark
Re: iBGP next hop and multi-access media
Can you create another segment with 172.16.16? Maybe another dot1q interface?

Regards
Ezequiel

On Sun, 2002-10-06 at 13:44, Ralph Doncaster wrote:
> Background: Router A and B are connected via a common ethernet segment 1. Router A uses 10.10.10.1/30, and Router B uses 10.10.10.2/30. Router B also has another subnet configured for ethernet segment 1; 172.16.16.0/24.
>
> When I set up a situation like the above, with Router B advertising the 172.16.16.0/24 to router A, router A sees a next hop of 10.10.10.2. This is not good since packets from A going to the 172.16.16 subnet get sent to Router B, which then ARPs the destination, instead of just being ARPed by router A.
>
> I don't want to turn on ICMP redirects on B since they're insecure and ugly. I've also made sure I'm not using next-hop self. Is there a way to make this work?
>
> Ralph Doncaster
> principal, IStop.com
Re: iBGP next hop and multi-access media
A and B are connected via the same multi-access media. It is technically possible for B to tell A "you can reach 172.16.16.0/24 on the same media that you receive this update on". However what people seem to be saying is that there is no dynamic routing protocol that implements this.

Ralph Doncaster
principal, IStop.com

On Sun, 6 Oct 2002, Stephen J. Wilcox wrote:
> I don't understand this.. A wants to get to a network which it [thinks it] is not connected to, the only route is via B. Therefore you must advertise the route from B with next hop B.
>
> The only possible way (at least in ethernet IP) that A can send direct onto the ethernet segment is if it is connected to the other (172.16) network, and if you're not willing to do that then your solution is not possible.
>
> Steve
>
> On Sun, 6 Oct 2002, Ralph Doncaster wrote:
> > Background: Router A and B are connected via a common ethernet segment 1. Router A uses 10.10.10.1/30, and Router B uses 10.10.10.2/30. Router B also has another subnet configured for ethernet segment 1; 172.16.16.0/24.
> >
> > When I set up a situation like the above, with Router B advertising the 172.16.16.0/24 to router A, router A sees a next hop of 10.10.10.2. This is not good since packets from A going to the 172.16.16 subnet get sent to Router B, which then ARPs the destination, instead of just being ARPed by router A.
> >
> > I don't want to turn on ICMP redirects on B since they're insecure and ugly. I've also made sure I'm not using next-hop self. Is there a way to make this work?
> >
> > Ralph Doncaster
> > principal, IStop.com
Re: iBGP next hop and multi-access media
On Sun, Oct 06, 2002 at 04:25:00PM -0400, Ralph Doncaster wrote:
> A and B are connected via the same multi-access media. It is technically possible for B to tell A "you can reach 172.16.16.0/24 on the same media that you receive this update on". However what people seem to be saying is that there is no dynamic routing protocol that implements this.

There are two solutions to your dilemma:

- Route via B
- Add A to 172.16.16.0/24

It's not a matter of dynamic routing, it's just the way subnets work. If you want all the hosts to be able to talk to each other directly, put them all on the same subnet.

That you don't want to accept either solution doesn't mean that there is no solution. "I want to define subnets, but I want hosts on said subnets to ignore their boundaries" does not make sense.

-c
Re: iBGP next hop and multi-access media
No, it's not possible to say "you can reach the subnet on the same media"...

IP maps to the [Ethernet] with ARP, but before a packet is passed down to MAC via ARP it is routed and if there is no route to the connected ethernet then it will necessarily need to use the other router.

You must have the route before you can look at passing it to the media..

Steve

On Sun, 6 Oct 2002, Ralph Doncaster wrote:
> A and B are connected via the same multi-access media. It is technically possible for B to tell A "you can reach 172.16.16.0/24 on the same media that you receive this update on". However what people seem to be saying is that there is no dynamic routing protocol that implements this.
>
> Ralph Doncaster
> principal, IStop.com
>
> On Sun, 6 Oct 2002, Stephen J. Wilcox wrote:
> > I don't understand this.. A wants to get to a network which it [thinks it] is not connected to, the only route is via B. Therefore you must advertise the route from B with next hop B.
> >
> > The only possible way (at least in ethernet IP) that A can send direct onto the ethernet segment is if it is connected to the other (172.16) network, and if you're not willing to do that then your solution is not possible.
> >
> > Steve
> >
> > On Sun, 6 Oct 2002, Ralph Doncaster wrote:
> > > Background: Router A and B are connected via a common ethernet segment 1. Router A uses 10.10.10.1/30, and Router B uses 10.10.10.2/30. Router B also has another subnet configured for ethernet segment 1; 172.16.16.0/24.
> > >
> > > When I set up a situation like the above, with Router B advertising the 172.16.16.0/24 to router A, router A sees a next hop of 10.10.10.2. This is not good since packets from A going to the 172.16.16 subnet get sent to Router B, which then ARPs the destination, instead of just being ARPed by router A.
> > >
> > > I don't want to turn on ICMP redirects on B since they're insecure and ugly. I've also made sure I'm not using next-hop self. Is there a way to make this work?
> > >
> > > Ralph Doncaster
> > > principal, IStop.com
RE: Telco cages?
http://www.cross-guard.com/ is used by many data centres in Europe. They also have offices in US, Asia.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alex Rubenstein
Sent: vrijdag 4 oktober 2002 19:19
To: [EMAIL PROTECTED]
Subject: Telco cages?

I am looking for a manufacturer of telco cages used in datacenter applications; any pointers would be appreciated.

-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --

---
Wouter van Hulten
http://www.ripe.net/perl/whois?WVH14-RIPE
mailto:[EMAIL PROTECTED]
Re: UUNET is not the Internet (and neither is AOL)
Hi there,

What really confuses the heck out of me is that a company this size can't control/monitor their change management?? Then again not having all the facts has had everyone perplexed.

later,
vicky

At 07:38 PM 10/5/2002 -0400, you wrote:
> On Sat, 5 Oct 2002, Tim Thorne wrote:
> > After reading all the stories about what supposedly happened does anyone know what really happened? Did UUNet US really do an IOS upgrade on a sizable proportion of their border routers in one go? This seems like suicide to me. What possible reason could there be for a network-wide roll out of an untested IOS apart from being in the mire already?
>
> Corporate culture is the hardest thing to change in a company.
>
> You'll need to talk with your Worldcom account rep about what happened, and what Worldcom intends to do about it. In the past, Worldcom has not been very open or transparent when it has had network problems.
Re: iBGP next hop and multi-access media
RD> Date: Sun, 6 Oct 2002 12:44:07 -0400 (EDT)
RD> From: Ralph Doncaster

RD> Router A and B are connected via a common ethernet segment 1.
RD> Router A uses 10.10.10.1/30, and Router B uses 10.10.10.2/30.
RD> Router B also has another subnet configured for ethernet
RD> segment 1; 172.16.16.0/24.
RD>
RD> When I set up a situation like the above, with Router B
RD> advertising the 172.16.16.0/24 to router A, router A sees a
RD> next hop of 10.10.10.2. This is not good since packets from
RD> A going to the 172.16.16 subnet get sent to Router B, which
RD> then ARPs the destination, instead of just being ARPed by
RD> router A.

Is this what you're trying to do:

  route-map foo
   match whatever
   set ip next-hop something

?

Eddy
--
Brotsman Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots. Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
RE: iBGP next hop and multi-access media
Really, the only way this could happen is if Router B is not announcing its routes to 172.16.16/24 and Router A has a default route to its Ethernet interface.

C.

-----Original Message-----
From: Ralph Doncaster [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 06, 2002 9:06 PM
To: E.B. Dreger
Cc: [EMAIL PROTECTED]
Subject: Re: iBGP next hop and multi-access media

> RD> When I set up a situation like the above, with Router B advertising
> RD> the 172.16.16.0/24 to router A, router A sees a next hop of
> RD> 10.10.10.2. This is not good since packets from A going to the
> RD> 172.16.16 subnet get sent to Router B, which then ARPs the
> RD> destination, instead of just being ARPed by router A.
>
> Is this what you're trying to do:
>
>   route-map foo
>    match whatever
>    set ip next-hop something

Not really, what I want is router A to learn that there is no next hop IP - the subnet is on the local ethernet.

-Ralph
Re: iBGP next hop and multi-access media
RD> Date: Sun, 6 Oct 2002 21:05:32 -0400 (EDT)
RD> From: Ralph Doncaster

RD> Not really, what I want is router A to learn that there is no
RD> next hop IP - the subnet is on the local ethernet.

As others are saying... it isn't local. It's not local unless in the same subnet. Physical topology often correlates with higher layers, but it's not strictly 1:1.

Add a secondary IP address to the router you want to use ARP, utilize a static route to an interface, or just live with the way IP works. (Then what about the path in the other direction?)

Just remember that IGP complexity is not your friend. Make sure the answer is better than the problem.

Eddy
--
Brotsman Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
Re: iBGP next hop and multi-access media
On Mon, 7 Oct 2002, E.B. Dreger wrote:
> RD> Date: Sun, 6 Oct 2002 21:05:32 -0400 (EDT)
> RD> From: Ralph Doncaster
>
> RD> Not really, what I want is router A to learn that there is no
> RD> next hop IP - the subnet is on the local ethernet.
>
> As others are saying... it isn't local. It's not local unless in the same subnet. Physical topology often correlates with higher layers, but it's not strictly 1:1.

Manually configuring a static route in router A would achieve the result:

  ip route 172.16.16.0 255.255.255.0 fa0/0

However, I'm surprised that there's no dynamic routing protocol that allows you to do everything you can with static routes.

-Ralph
Re: iBGP next hop and multi-access media
On Sun, 6 Oct 2002, [EMAIL PROTECTED] wrote:
> On Sun, 6 Oct 2002, Ralph Doncaster wrote:
> > > As others are saying... it isn't local. It's not local unless in the same subnet. Physical topology often correlates with higher layers, but it's not strictly 1:1.
> >
> > Manually configuring a static route in router A would achieve the result:
> >
> >   ip route 172.16.16.0 255.255.255.0 fa0/0
>
> Why are we doing basic IP routing 101 on NANOG?

OK, since it's so basic why don't you explain how to have router A dynamically learn from router B that there is a new subnet on the local ethernet?

> Don't route IP blocks to the ethernet. That's using ARP as your routing protocol and it's horribly fragile. I've seen one ISP do that (they were very technically challenged) and it's a setup that broke way too easily.

So then what do you call a connected route (for an ethernet interface on a router)? If you use ethernet, at the edges of your network you HAVE to route IP blocks to the ethernet.

-Ralph
Re: iBGP next hop and multi-access media
OK, I'll bite.

I've been doing ip route statements going on 8 years now, and I can't imagine why ever -- and how it would even work -- you'd want to ip route a netblock with a next hop of a multi-access broadcast media. As in, the next hop is still truly undetermined.

I guess I don't know this because I've never tried it. But, how does the router determine where to send the packets for a route statement as specified above (ip route a.b.c.d e.f.g.h f0/0) ?

> So then what do you call a connected route (for an ethernet interface on a router)? If you use ethernet, at the edges of your network you HAVE to route IP blocks to the ethernet.
>
> -Ralph

-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: iBGP next hop and multi-access media
On Mon, 7 Oct 2002, Alex Rubenstein wrote:
> I've been doing ip route statements going on 8 years now, and I can't imagine why ever -- and how it would even work -- you'd want to ip route a netblock with a next hop of a multi-access broadcast media. As in, the next hop is still truly undetermined.
>
> I guess I don't know this because I've never tried it. But, how does the router determine where to send the packets for a route statement as specified above (ip route a.b.c.d e.f.g.h f0/0) ?

When you set up a secondary ip on an interface

  int fa0/0
   ip address a.b.c.d e.f.g.h secondary

How does it determine where to send the packets? ARP. Which is the same as adding the route described above.

-Ralph
Re: iBGP next hop and multi-access media
Aha. So, if you route to an ethernet interface, it will try to arp for that address on that subnet, even without having a local address on the same subnet?

This seems to me to be something you don't want to do. Is the entire route valid as long as the router can ARP for one of the addresses in the routed subnet?

On Mon, 7 Oct 2002, Ralph Doncaster wrote:
> On Mon, 7 Oct 2002, Alex Rubenstein wrote:
> > I've been doing ip route statements going on 8 years now, and I can't imagine why ever -- and how it would even work -- you'd want to ip route a netblock with a next hop of a multi-access broadcast media. As in, the next hop is still truly undetermined.
> >
> > I guess I don't know this because I've never tried it. But, how does the router determine where to send the packets for a route statement as specified above (ip route a.b.c.d e.f.g.h f0/0) ?
>
> When you set up a secondary ip on an interface
>
>   int fa0/0
>    ip address a.b.c.d e.f.g.h secondary
>
> How does it determine where to send the packets? ARP. Which is the same as adding the route described above.
>
> -Ralph

-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: iBGP next hop and multi-access media
My understanding is the route is valid as long as the interface is up; just like adding a secondary IP on the interface.

Ralph Doncaster
principal, IStop.com

On Mon, 7 Oct 2002, Alex Rubenstein wrote:
> Aha. So, if you route to an ethernet interface, it will try to arp for that address on that subnet, even without having a local address on the same subnet?
>
> This seems to me to be something you don't want to do. Is the entire route valid as long as the router can ARP for one of the addresses in the routed subnet?
>
> On Mon, 7 Oct 2002, Ralph Doncaster wrote:
> > On Mon, 7 Oct 2002, Alex Rubenstein wrote:
> > > I've been doing ip route statements going on 8 years now, and I can't imagine why ever -- and how it would even work -- you'd want to ip route a netblock with a next hop of a multi-access broadcast media. As in, the next hop is still truly undetermined.
> > >
> > > I guess I don't know this because I've never tried it. But, how does the router determine where to send the packets for a route statement as specified above (ip route a.b.c.d e.f.g.h f0/0) ?
> >
> > When you set up a secondary ip on an interface
> >
> >   int fa0/0
> >    ip address a.b.c.d e.f.g.h secondary
> >
> > How does it determine where to send the packets? ARP. Which is the same as adding the route described above.
> >
> > -Ralph
>
> -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
> --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: iBGP next hop and multi-access media
Are you just asking a question to get a better understanding of how things work, Ralph or have you already put this into production and are wondering why it doesn't work a certain way?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ralph Doncaster
Sent: Monday, October 07, 2002 12:43 AM
To: Alex Rubenstein
Cc: [EMAIL PROTECTED]
Subject: Re: iBGP next hop and multi-access media

My understanding is the route is valid as long as the interface is up; just like adding a secondary IP on the interface.

Ralph Doncaster
principal, IStop.com

On Mon, 7 Oct 2002, Alex Rubenstein wrote:
> Aha. So, if you route to an ethernet interface, it will try to arp for that address on that subnet, even without having a local address on the same subnet?
>
> This seems to me to be something you don't want to do. Is the entire route valid as long as the router can ARP for one of the addresses in the routed subnet?
>
> On Mon, 7 Oct 2002, Ralph Doncaster wrote:
> > On Mon, 7 Oct 2002, Alex Rubenstein wrote:
> > > I've been doing ip route statements going on 8 years now, and I can't imagine why ever -- and how it would even work -- you'd want to ip route a netblock with a next hop of a multi-access broadcast media. As in, the next hop is still truly undetermined.
> > >
> > > I guess I don't know this because I've never tried it. But, how does the router determine where to send the packets for a route statement as specified above (ip route a.b.c.d e.f.g.h f0/0) ?
> >
> > When you set up a secondary ip on an interface
> >
> >   int fa0/0
> >    ip address a.b.c.d e.f.g.h secondary
> >
> > How does it determine where to send the packets? ARP. Which is the same as adding the route described above.
> >
> > -Ralph
>
> -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
> --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: iBGP next hop and multi-access media
On Mon, 7 Oct 2002, Ralph Doncaster wrote:
> My understanding is the route is valid as long as the interface is up; just like adding a secondary IP on the interface.

If you are going through all this trouble, why not just secondary the interface, while you're at it run HSRP or VRRP and provide some HA-ness for your LAN?

> Ralph Doncaster
> principal, IStop.com
>
> On Mon, 7 Oct 2002, Alex Rubenstein wrote:
> > Aha. So, if you route to an ethernet interface, it will try to arp for that address on that subnet, even without having a local address on the same subnet?
> >
> > This seems to me to be something you don't want to do. Is the entire route valid as long as the router can ARP for one of the addresses in the routed subnet?
> >
> > On Mon, 7 Oct 2002, Ralph Doncaster wrote:
> > > On Mon, 7 Oct 2002, Alex Rubenstein wrote:
> > > > I've been doing ip route statements going on 8 years now, and I can't imagine why ever -- and how it would even work -- you'd want to ip route a netblock with a next hop of a multi-access broadcast media. As in, the next hop is still truly undetermined.
> > > >
> > > > I guess I don't know this because I've never tried it. But, how does the router determine where to send the packets for a route statement as specified above (ip route a.b.c.d e.f.g.h f0/0) ?
> > >
> > > When you set up a secondary ip on an interface
> > >
> > >   int fa0/0
> > >    ip address a.b.c.d e.f.g.h secondary
> > >
> > > How does it determine where to send the packets? ARP. Which is the same as adding the route described above.
> > >
> > > -Ralph
> >
> > -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
> > --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: iBGP next hop and multi-access media
It's a theoretical question. So far I've had one person email me saying OSPF can advertise a subnet as local on a shared multi-access media. If in fact BGP can't do this, then it's no big deal to me as nothing in my network relies on this functionality.

Ralph Doncaster
principal, IStop.com

On Mon, 7 Oct 2002, Jason Lixfeld wrote:
> Are you just asking a question to get a better understanding of how things work, Ralph or have you already put this into production and are wondering why it doesn't work a certain way?
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ralph Doncaster
> Sent: Monday, October 07, 2002 12:43 AM
> To: Alex Rubenstein
> Cc: [EMAIL PROTECTED]
> Subject: Re: iBGP next hop and multi-access media
>
> My understanding is the route is valid as long as the interface is up; just like adding a secondary IP on the interface.
>
> Ralph Doncaster
> principal, IStop.com
>
> On Mon, 7 Oct 2002, Alex Rubenstein wrote:
> > Aha. So, if you route to an ethernet interface, it will try to arp for that address on that subnet, even without having a local address on the same subnet?
> >
> > This seems to me to be something you don't want to do. Is the entire route valid as long as the router can ARP for one of the addresses in the routed subnet?
> >
> > On Mon, 7 Oct 2002, Ralph Doncaster wrote:
> > > On Mon, 7 Oct 2002, Alex Rubenstein wrote:
> > > > I've been doing ip route statements going on 8 years now, and I can't imagine why ever -- and how it would even work -- you'd want to ip route a netblock with a next hop of a multi-access broadcast media. As in, the next hop is still truly undetermined.
> > > >
> > > > I guess I don't know this because I've never tried it. But, how does the router determine where to send the packets for a route statement as specified above (ip route a.b.c.d e.f.g.h f0/0) ?
> > >
> > > When you set up a secondary ip on an interface
> > >
> > >   int fa0/0
> > >    ip address a.b.c.d e.f.g.h secondary
> > >
> > > How does it determine where to send the packets? ARP. Which is the same as adding the route described above.
> > >
> > > -Ralph
> >
> > -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
> > --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: iBGP next hop and multi-access media
On Mon, Oct 07, 2002 at 12:15:40AM -0400, Alex Rubenstein wrote:
> OK, I'll bite.
>
> I've been doing ip route statements going on 8 years now, and I can't imagine why ever -- and how it would even work -- you'd want to ip route a netblock with a next hop of a multi-access broadcast media. As in, the next hop is still truly undetermined.
>
> I guess I don't know this because I've never tried it. But, how does the router determine where to send the packets for a route statement as specified above (ip route a.b.c.d e.f.g.h f0/0) ?

A Cisco router with the default (ip proxy-arp) enabled on the interface will spend all its time doing arp/proxy-arp for the hosts and it will actually work believe it or not. You'll notice massive cpu utilization.

People who do this tend to not have a lot of clue or notice when their cpu is spending all its time doing this...

One should always turn proxy-arp off on your interfaces both internal and customer facing so they don't make your router bear the load because they can not configure their devices logically.

- Jared

> > So then what do you call a connected route (for an ethernet interface on a router)? If you use ethernet, at the edges of your network you HAVE to route IP blocks to the ethernet.
> >
> > -Ralph
>
> -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
> --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --

--
Jared Mauch | pgp key available via finger from [EMAIL PROTECTED]
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
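
The forwarding behaviour debated in this thread, as an added example that is not from any poster and is not IOS code: a simplified model of router A's route lookup, showing which address A has to ARP for with the iBGP-learned route and with the static interface route `ip route 172.16.16.0 255.255.255.0 fa0/0`, and how many ARP entries each case needs. The function names and the 200 sample host addresses are assumptions made for illustration; the model assumes something on the segment answers each ARP request.

```python
import ipaddress

# Cisco default administrative distances for the route sources used here.
AD = {"connected": 0, "static": 1, "ibgp": 200}

def mk(prefix, source, interface=None, next_hop=None):
    """Build one RIB entry; exactly one of interface / next_hop is set."""
    return {"prefix": ipaddress.ip_network(prefix), "source": source,
            "interface": interface,
            "next_hop": ipaddress.ip_address(next_hop) if next_hop else None}

def lookup(rib, dst):
    """Longest-prefix match, ties broken by lowest administrative distance."""
    hits = [r for r in rib if dst in r["prefix"]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r["prefix"].prefixlen, AD[r["source"]]))

def arp_target(rib, dst, depth=0):
    """Return (interface, address to ARP for) for a packet to dst, or None."""
    dst = ipaddress.ip_address(dst)
    r = lookup(rib, dst)
    if r is None or depth > 4:          # no route, or a next-hop loop
        return None
    if r["next_hop"] is None:           # connected or interface route: on-link,
        return (r["interface"], dst)    # so ARP for the destination itself
    # Route with a next-hop IP: resolve the next hop recursively and ARP for it.
    return arp_target(rib, r["next_hop"], depth + 1)

def arp_entries(rib, dsts):
    """Distinct addresses the router must resolve to reach every dst."""
    return {t[1] for t in (arp_target(rib, d) for d in dsts) if t}

# Router A as described in the thread (addresses and fa0/0 are from the thread).
CONNECTED = [mk("10.10.10.0/30", "connected", interface="fa0/0")]
WITH_IBGP = CONNECTED + [mk("172.16.16.0/24", "ibgp", next_hop="10.10.10.2")]
WITH_STATIC = WITH_IBGP + [mk("172.16.16.0/24", "static", interface="fa0/0")]

# Constructed sample traffic: 200 hosts in the 172.16.16.0/24 subnet.
HOSTS = [f"172.16.16.{i}" for i in range(1, 201)]

if __name__ == "__main__":
    for name, rib in (("iBGP only", WITH_IBGP),
                      ("static to fa0/0", WITH_STATIC)):
        iface, target = arp_target(rib, "172.16.16.50")
        print(f"{name}: ARP for {target} on {iface}; "
              f"{len(arp_entries(rib, HOSTS))} ARP entries "
              f"for {len(HOSTS)} hosts")
```

With only the iBGP route, every packet resolves to the single neighbour 10.10.10.2; with the interface route, A keeps one ARP entry per destination and depends on whatever answers ARP on the wire, which is the load and fragility raised in the replies.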