[168187] in North American Network Operators' Group


Re: best practice for advertising peering fabric routes

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Wed Jan 15 01:43:34 2014

In-Reply-To: <1389767800.94499.YahooMailNeo@web181603.mail.ne1.yahoo.com>
Date: Wed, 15 Jan 2014 01:41:15 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Eric A Louie <elouie@yahoo.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, Jan 15, 2014 at 1:36 AM, Eric A Louie <elouie@yahoo.com> wrote:
> Never mind, I just carefully re-read the point.  Right, I'll filter the prefix(es) of the IXP LAN(s) that I'm connected to and not let THAT get out, no reason to advertise it since no traffic ever goes to it.  That still has me asking how best to advertise the rest of the public prefixes coming from the other fabric members.
>

on your ibgp peers on 'your-router' you'd have something like:
  match community <community-added-for-all-ixp-participant-routes>
  set next-hop-self

<http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml#eleven>

for one vendor's view of the situation... and there is a link to:
  <http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml>

that's worth a read.
>
>
>
>
>>________________________________
>> From: Eric A Louie <elouie@yahoo.com>
>>To: Patrick W. Gilmore <patrick@ianai.net>; NANOG list <nanog@nanog.org>
>>Sent: Tuesday, January 14, 2014 10:22 PM
>>Subject: Re: best practice for advertising peering fabric routes
>>
>>
>>Thank you - I will heed the warning.  I want to be a good community member and make sure we're maintaining the agreed-upon practices (I'll re-read/review my agreement with the IXP)
>>
>>
>>So if that is the case, I have to rely on the peering fabric to just return traffic, since the rest of my network (save the directly connected router) will not know about those routes outbound?  And what about my customers who are counting on me routing their office traffic through my network into the peering fabric to their properties?  (I have one specifically who is eventually looking for that capability)  Do I have to provide them some sort of VPN to make that happen across my network to the peering fabric router?
>>
>>
>>
>>
>>>________________________________
>>> From: Patrick W. Gilmore <patrick@ianai.net>
>>>To: NANOG list <nanog@nanog.org>
>>>Sent: Tuesday, January 14, 2014 7:11 PM
>>>Subject: Re: best practice for advertising peering fabric routes
>>>
>>>
>>>Pardon the top post, but I really don't have anything to comment below other than to agree with Chris and say rfc5963 is broken.
>>>
>>>NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP LAN should not be reachable from any device not directly attached to that LAN. Period.
>>>
>>>Doing so endangers your peers & the IX itself. It is on the order of not implementing BCP38, except no one has the (lame, ridiculous, idiotic, and pure cost-shifting BS) excuse that they "can't" do this.
>>>
>>>--
>>>TTFN,
>>>patrick
>>>
>>>
>>>On Jan 14, 2014, at 21:22 , Christopher Morrow <morrowc.lists@gmail.com> wrote:
>>>
>>>> On Tue, Jan 14, 2014 at 9:09 PM, Cb B <cb.list6@gmail.com> wrote:
>>>>> On Jan 14, 2014 6:01 PM, "Eric A Louie" <elouie@yahoo.com> wrote:
>>>>>>
>>>>>> I have a connection to a peering fabric and I'm not distributing the
>>>>> peering fabric routes into my network.
>>>>>>
>>>>
>>>> good plan.
>>>>
>>>>>> I see three options
>>>>>> 1. redistribute into my igp (OSPF)
>>>>>>
>>>>>> 2. configure ibgp and route them within that infrastructure.  All the
>>>>> default routes go out through the POPs so iBGP would see packets destined
>>>>> for the peering fabric and route it that-a-way
>>>>>>
>>>>>> 3. leave it "as is", and let the outbound traffic go out my upstreams and
>>>>> the inbound traffic come back through the peering fabric
>>>>>>
>>>>>>
>>>>
>>>> 4. all peering-fabric routes get next-hop-self on your peering router
>>>> before going into ibgp...
>>>> all the rest of your network sees your local loopback as nexthop and
>>>> things just work.
>>>>
>>>>>> Advantages and disadvantages, pros and cons?  Recommendations?
>>>>> Experiences, good and bad?
>>>>>>
>>>>>>
>>>>>> I have 5 POPs, 2 OSPF areas, and have not brought iBGP up between the
>>>>> POPs yet.  That's another issue completely from a planning perspective.
>>>>>>
>>>>>> thanks
>>>>>> Eric
>>>>>>
>>>>>
>>>>> http://tools.ietf.org/html/rfc5963
>>>>>
>>>>> I like no-export
>>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
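
The two rules argued in this thread (the IXP LAN prefix is never carried in BGP, IGP or static routes, and fabric routes enter iBGP with next-hop-self) can be checked against a route export. This is an added example, not part of the original messages; the prefixes, the route tuples and the `audit` function are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the thread.
IXP_LANS = ["192.0.2.0/24"]
# (prefix, next hop, where the route is carried) as exported by the peering router.
SAMPLE_ROUTES = [
    ("203.0.113.0/24", "198.51.100.1", "ibgp"),    # fabric route, next hop = loopback
    ("203.0.113.128/25", "192.0.2.17", "ibgp"),    # fabric route, next hop left on the IXP LAN
    ("192.0.2.0/24", "198.51.100.1", "ospf"),      # IXP LAN redistributed into the IGP
    ("192.0.2.17/32", "198.51.100.1", "static"),   # host route into the IXP LAN
]

def audit(routes, ixp_lans=IXP_LANS):
    """Return (prefix, carried_in, problem) for every route that breaks a rule."""
    lans = [ipaddress.ip_network(lan) for lan in ixp_lans]
    findings = []
    for prefix, next_hop, carried_in in routes:
        net = ipaddress.ip_network(prefix)
        hop = ipaddress.ip_address(next_hop)
        for lan in lans:
            if net.version != lan.version:
                continue  # never compare IPv4 with IPv6
            # Rule 1: the IXP LAN, or any more-specific of it, is carried somewhere.
            if net.subnet_of(lan):
                findings.append((prefix, carried_in, "ixp-lan-prefix"))
            # Rule 2: next hop still on the IXP LAN, so next-hop-self was not applied
            # and the rest of the network would need a route to the LAN to resolve it.
            if hop in lan:
                findings.append((prefix, carried_in, "ixp-lan-next-hop"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROUTES):
        print(*finding)
```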

