[168184] in North American Network Operators' Group


Re: best practice for advertising peering fabric routes

daemon@ATHENA.MIT.EDU (Eric A Louie)
Wed Jan 15 01:23:09 2014

Date: Tue, 14 Jan 2014 22:22:56 -0800 (PST)
From: Eric A Louie <elouie@yahoo.com>
To: "Patrick W. Gilmore" <patrick@ianai.net>, NANOG list <nanog@nanog.org>
In-Reply-To: <F290F3A4-D378-4655-8862-B1F4FD700F67@ianai.net>
Reply-To: Eric A Louie <elouie@yahoo.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Thank you - I will heed the warning. I want to be a good community member and make sure we're maintaining the agreed-upon practices (I'll re-read/review my agreement with the IXP)

So if that is the case, I have to rely on the peering fabric to just return traffic, since the rest of my network (save the directly connected router) will not know about those routes outbound? And what about my customers who are counting on me routing their office traffic through my network into the peering fabric to their properties? (I have one specifically who is eventually looking for that capability) Do I have to provide them some sort of VPN to make that happen across my network to the peering fabric router?

>________________________________
> From: Patrick W. Gilmore <patrick@ianai.net>
> To: NANOG list <nanog@nanog.org>
> Sent: Tuesday, January 14, 2014 7:11 PM
> Subject: Re: best practice for advertising peering fabric routes
>
> Pardon the top post, but I really don't have anything to comment below other than to agree with Chris and say rfc5963 is broken.
>
> NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP LAN should not be reachable from any device not directly attached to that LAN. Period.
>
> Doing so endangers your peers & the IX itself. It is on the order of not implementing BCP38, except no one has the (lame, ridiculous, idiotic, and pure cost-shifting BS) excuse that they "can't" do this.
>
> --
> TTFN,
> patrick
>
> On Jan 14, 2014, at 21:22 , Christopher Morrow <morrowc.lists@gmail.com> wrote:
>
>> On Tue, Jan 14, 2014 at 9:09 PM, Cb B <cb.list6@gmail.com> wrote:
>>> On Jan 14, 2014 6:01 PM, "Eric A Louie" <elouie@yahoo.com> wrote:
>>>>
>>>> I have a connection to a peering fabric and I'm not distributing the peering fabric routes into my network.
>>>>
>>
>> good plan.
>>
>>>> I see three options
>>>> 1. redistribute into my igp (OSPF)
>>>>
>>>> 2. configure ibgp and route them within that infrastructure. All the default routes go out through the POPs so iBGP would see packets destined for the peering fabric and route it that-a-way
>>>>
>>>> 3. leave it "as is", and let the outbound traffic go out my upstreams and the inbound traffic come back through the peering fabric
>>>>
>>
>> 4. all peering-fabric routes get next-hop-self on your peering router
>> before going into ibgp...
>> all the rest of your network sees your local loopback as nexthop and
>> things just work.
>>
>>>> Advantages and disadvantages, pros and cons? Recommendations? Experiences, good and bad?
>>>>
>>>> I have 5 POPs, 2 OSPF areas, and have not brought iBGP up between the POPs yet. That's another issue completely from a planning perspective.
>>>>
>>>> thanks
>>>> Eric
>>>>
>>>
>>> http://tools.ietf.org/html/rfc5963
>>>
>>> I like no-export
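
An audit for the two conditions discussed in this thread, added here as an example and not written by any of the posters: it checks routing tables of routers that are not on the IX LAN for the IX LAN prefix itself and for iBGP routes whose next hop was left inside the IX LAN (next-hop-self not applied). The router names, addresses (documentation ranges) and the tuple layout are constructed assumptions.

```python
import ipaddress

# Constructed sample values (documentation address space); not from the thread.
IX_LAN = ipaddress.ip_network("192.0.2.0/24")

# router -> list of (prefix, next_hop, protocol); hypothetical RIB export format.
SAMPLE_RIBS = {
    # pr1 is the peering router: it sits on the IX LAN, loopback 10.0.0.1.
    "pr1": [("192.0.2.0/24", "192.0.2.1", "connected"),
            ("198.51.100.0/24", "192.0.2.10", "ebgp")],
    # core1 sees the peer route with pr1's loopback as next hop (next-hop-self).
    "core1": [("198.51.100.0/24", "10.0.0.1", "ibgp")],
    # core2 shows both mistakes: unchanged IX next hop, and the IX LAN in OSPF.
    "core2": [("203.0.113.0/24", "192.0.2.20", "ibgp"),
              ("192.0.2.0/24", "10.0.0.1", "ospf")],
}


def audit(ribs, ix_lan, attached):
    """Return (router, prefix, reason) findings for routers not on the IX LAN.

    attached: names of routers with an interface on the IX LAN; their connected
    route and IX next hops are expected, so they are skipped.
    Covering aggregates (including a default route) are not flagged, only the
    IX LAN prefix itself or a more-specific inside it.
    """
    findings = []
    for router, routes in ribs.items():
        if router in attached:
            continue
        for prefix, next_hop, proto in routes:
            net = ipaddress.ip_network(prefix)
            if net.version == ix_lan.version and net.subnet_of(ix_lan):
                findings.append((router, prefix, f"IX LAN prefix present via {proto}"))
            elif ipaddress.ip_address(next_hop) in ix_lan:
                findings.append((router, prefix,
                                 "next hop inside IX LAN (next-hop-self missing)"))
    return findings


if __name__ == "__main__":
    for router, prefix, reason in audit(SAMPLE_RIBS, IX_LAN, {"pr1"}):
        print(f"{router}: {prefix}: {reason}")
```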
