[168185] in North American Network Operators' Group
Re: best practice for advertising peering fabric routes
daemon@ATHENA.MIT.EDU (Eric A Louie)
Wed Jan 15 01:36:57 2014
Date: Tue, 14 Jan 2014 22:36:40 -0800 (PST)
From: Eric A Louie <elouie@yahoo.com>
To: Eric A Louie <elouie@yahoo.com>, "Patrick W. Gilmore" <patrick@ianai.net>,
NANOG list <nanog@nanog.org>
In-Reply-To: <1389766976.17890.YahooMailNeo@web181605.mail.ne1.yahoo.com>
Reply-To: Eric A Louie <elouie@yahoo.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Never mind, I just carefully re-read the point. Right, I'll filter the prefix(es) of the IXP LAN(s) that I'm connected to and not let THAT get out, no reason to advertise it since no traffic ever goes to it. That still has me asking how best to advertise the rest of the public prefixes coming from the other fabric members.

>________________________________
> From: Eric A Louie <elouie@yahoo.com>
> To: Patrick W. Gilmore <patrick@ianai.net>; NANOG list <nanog@nanog.org>
> Sent: Tuesday, January 14, 2014 10:22 PM
> Subject: Re: best practice for advertising peering fabric routes
>
> Thank you - I will heed the warning. I want to be a good community member and make sure we're maintaining the agreed-upon practices (I'll re-read/review my agreement with the IXP)
>
> So if that is the case, I have to rely on the peering fabric to just return traffic, since the rest of my network (save the directly connected router) will not know about those routes outbound? And what about my customers who are counting on me routing their office traffic through my network into the peering fabric to their properties? (I have one specifically who is eventually looking for that capability) Do I have to provide them some sort of VPN to make that happen across my network to the peering fabric router?
>
>>________________________________
>> From: Patrick W. Gilmore <patrick@ianai.net>
>> To: NANOG list <nanog@nanog.org>
>> Sent: Tuesday, January 14, 2014 7:11 PM
>> Subject: Re: best practice for advertising peering fabric routes
>>
>> Pardon the top post, but I really don't have anything to comment below other than to agree with Chris and say rfc5963 is broken.
>>
>> NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP LAN should not be reachable from any device not directly attached to that LAN. Period.
>>
>> Doing so endangers your peers & the IX itself. It is on the order of not implementing BCP38, except no one has the (lame, ridiculous, idiotic, and pure cost-shifting BS) excuse that they "can't" do this.
>>
>> --
>> TTFN,
>> patrick
>>
>> On Jan 14, 2014, at 21:22 , Christopher Morrow <morrowc.lists@gmail.com> wrote:
>>
>>> On Tue, Jan 14, 2014 at 9:09 PM, Cb B <cb.list6@gmail.com> wrote:
>>>> On Jan 14, 2014 6:01 PM, "Eric A Louie" <elouie@yahoo.com> wrote:
>>>>>
>>>>> I have a connection to a peering fabric and I'm not distributing the peering fabric routes into my network.
>>>>>
>>>
>>> good plan.
>>>
>>>>> I see three options
>>>>> 1. redistribute into my igp (OSPF)
>>>>>
>>>>> 2. configure ibgp and route them within that infrastructure. All the default routes go out through the POPs so iBGP would see packets destined for the peering fabric and route it that-a-way
>>>>>
>>>>> 3. leave it "as is", and let the outbound traffic go out my upstreams and the inbound traffic come back through the peering fabric
>>>>>
>>>
>>> 4. all peering-fabric routes get next-hop-self on your peering router
>>> before going into ibgp...
>>> all the rest of your network sees your local loopback as nexthop and
>>> things just work.
>>>
>>>>> Advantages and disadvantages, pros and cons? Recommendations? Experiences, good and bad?
>>>>>
>>>>> I have 5 POPs, 2 OSPF areas, and have not brought iBGP up between the POPs yet. That's another issue completely from a planning perspective.
>>>>>
>>>>> thanks
>>>>> Eric
>>>>>
>>>>
>>>> http://tools.ietf.org/html/rfc5963
>>>>
>>>> I like no-export
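
[Added example, not part of the thread or any poster's own code.] One way to audit the rule stated above, that the IXP LAN prefix should exist only as a connected route on the directly attached router and be filtered from everything advertised. The router names, the (router, protocol, prefix) row format and the documentation prefixes standing in for an IXP LAN are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for a real IXP LAN.
IXP_LANS = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "2001:db8:1::/64")]

# Hypothetical (router, protocol, prefix) rows, as if exported from each router's RIB.
ROUTES = [
    ("peer-rtr", "connected", "192.0.2.0/24"),     # fine: directly attached to the LAN
    ("peer-rtr", "bgp",       "198.51.100.0/24"),  # fine: a fabric member's own prefix
    ("pop2-rtr", "ospf",      "192.0.2.0/24"),     # leak: IXP LAN redistributed into the IGP
    ("pop3-rtr", "bgp",       "192.0.2.128/25"),   # leak: more-specific of the IXP LAN in BGP
    ("pop3-rtr", "static",    "2001:db8:1::/64"),  # leak: static route to the IXP LAN
    ("pop4-rtr", "static",    "0.0.0.0/0"),        # fine: a default route is not the LAN prefix
]

def inside_ixp_lan(prefix, ixp_lans):
    """Return the IXP LAN that `prefix` equals or is a more-specific of, else None."""
    net = ipaddress.ip_network(prefix)
    for lan in ixp_lans:
        # subnet_of() raises TypeError across address families, so compare versions first.
        if net.version == lan.version and net.subnet_of(lan):
            return lan
    return None

def ixp_lan_leaks(routes, ixp_lans):
    """Rows where an IXP LAN prefix is known by any means other than 'connected'."""
    leaks = []
    for router, proto, prefix in routes:
        lan = inside_ixp_lan(prefix, ixp_lans)
        if lan is not None and proto != "connected":
            leaks.append((router, proto, prefix, str(lan)))
    return leaks

def may_advertise(prefix, ixp_lans):
    """Outbound filter decision: deny the IXP LAN and anything inside it."""
    return inside_ixp_lan(prefix, ixp_lans) is None

if __name__ == "__main__":
    for router, proto, prefix, lan in ixp_lan_leaks(ROUTES, IXP_LANS):
        print(f"{router}: {prefix} via {proto} exposes IXP LAN {lan}")
    for prefix in ("198.51.100.0/24", "192.0.2.0/24"):
        print(prefix, "advertise" if may_advertise(prefix, IXP_LANS) else "filter")
```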