[145812] in North American Network Operators' Group


Re: Juniper DOS/Blackhole question

daemon@ATHENA.MIT.EDU (Saku Ytti)
Sun Oct 23 03:20:37 2011

Date: Sun, 23 Oct 2011 10:18:58 +0300
From: Saku Ytti <saku@ytti.fi>
To: nanog@nanog.org
In-Reply-To: <4EA37016.9050402@brightok.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On (2011-10-22 20:38 -0500), Jack Bates wrote:

> the route. This seems strange to me. Any idea why a route would be
> rejected unless multihop was enabled?

RFC4271 states:
--
  - By default (if none of the above conditions apply), the BGP
    speaker SHOULD use the IP address of the interface that the
    speaker uses to establish the BGP connection to peer X in the
    NEXT_HOP attribute.
--

Your provider was rewriting the next-hop to some address they are blackholing
inside their network. This caused the above check to fail, and the route was
being considered invalid.

EBGP multihop is a kludge to kill this check, but also a kludge to kill
convergence of your BGP session, due to disabling fall over on linkdown.

The proper way to disable this check is JunOS 'accept-remote-nexthop' or IOS
'disable-connected-check'.

-- 
  ++ytti
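
The Junos side of the change described in the message above, as an added example that is not part of the original post. The group name UPSTREAM, neighbor 192.0.2.1 and AS 64500 are constructed placeholders.

```junos
# Constructed session: directly connected EBGP peer 192.0.2.1 (AS 64500)
# in a group named UPSTREAM. All three values are placeholders.

# Before: multihop used only to get the rewritten blackhole next-hop accepted.
# The message notes this also stops the session from dropping on link-down.
set protocols bgp group UPSTREAM type external
set protocols bgp group UPSTREAM peer-as 64500
set protocols bgp group UPSTREAM neighbor 192.0.2.1
set protocols bgp group UPSTREAM multihop ttl 2

# After: remove multihop so the session is single-hop again, and relax only
# the next-hop check with the knob named in the message.
delete protocols bgp group UPSTREAM multihop
set protocols bgp group UPSTREAM accept-remote-nexthop

# Operational mode, after commit: confirm the blackhole route from the
# provider is no longer listed among the hidden routes.
# show route hidden detail
```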

