[153166] in North American Network Operators' Group


Re: BGP ORF in practice

daemon@ATHENA.MIT.EDU (Rob Shakir)
Thu May 31 14:00:52 2012

From: Rob Shakir <rjs@rob.sh>
In-Reply-To: <CAOfiG73yqs7cyajv7KLKCu7uxh5JCSmJfJOjrjBWNr633oABNw@mail.gmail.com>
Date: Thu, 31 May 2012 18:59:41 +0100
To: Wayne Tucker <wayne@tuckerlabs.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On 31 May 2012, at 18:18, Wayne Tucker wrote:

> What's the general consensus (hah! ;) regarding the use of RFC5291 BGP
> outbound route filtering?  It's worked well for me in the lab, but I have
> yet to use it in a live environment (and I don't know that most service
> providers would know what I was talking about if I asked for it).  Does it
> work great or does it end up being more pain than it's worth?


Hi Wayne,

In my experience, ORF is not particularly widely deployed in live
network deployments.

It has some potential to be difficult to manage where implementations
begin to experience complexities in building UPDATE message replication
groups (where peers have a dynamic advertisement (egress) policy due to
ORF, then this may mean that the number of peers with common UPDATE
policies reduces, and hence concepts like policy-driven UPDATE groups
become less efficient). This may impact the scaling of your BGP speakers
in ways that are not easy to model - and hence may be undesirable on
PE/border devices where control-plane CPU is a concern.

Further to this, there is, or has been, some disconnect in the modes of
ORF that are supported between various speakers - for instance, some
vendors support only prefix-based ORF, where others support only
RT-based, which causes some barriers to implementation.

In an inter-domain context, I have seen some discussion of ORF as a
means by which an L3VPN customer may choose to receive only a subset of
their routing information at particular "low feature" sites - but the
inter-operability issues mentioned above resulted in this not being
deployed. Do you have a similar deployment case?

Cheers,
r.



