[168188] in North American Network Operators' Group


Re: best practice for advertising peering fabric routes

daemon@ATHENA.MIT.EDU (Eric A Louie)
Wed Jan 15 02:00:09 2014

Date: Tue, 14 Jan 2014 22:59:54 -0800 (PST)
From: Eric A Louie <elouie@yahoo.com>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <CAL9jLaYvxzc3k3xu9PXPDOz9OfAE_vPpJTVV21eSgz40unJpmA@mail.gmail.com>
Reply-To: Eric A Louie <elouie@yahoo.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Ok, so the right way to do it is in iBGP. That pretty much answers the question - don't redistribute those ixp-participant prefixes into my IGP.

I have a lot of iBGP homework to do, to make it work with the 5 POPs that are all taking full route feeds. I tried once and couldn't get the BGP tables working correctly with a full mesh of the 5 routers, so it looks like time to try it again, this time with a route reflector.

>________________________________
> From: Christopher Morrow <morrowc.lists@gmail.com>
> To: Eric A Louie <elouie@yahoo.com>
> Cc: Patrick W. Gilmore <patrick@ianai.net>; NANOG list <nanog@nanog.org>
> Sent: Tuesday, January 14, 2014 10:37 PM
> Subject: Re: best practice for advertising peering fabric routes
>
>On Wed, Jan 15, 2014 at 1:22 AM, Eric A Louie <elouie@yahoo.com> wrote:
>> Thank you - I will heed the warning. I want to be a good community member and make sure we're maintaining the agreed-upon practices (I'll re-read/review my agreement with the IXP)
>>
>> So if that is the case, I have to rely on the peering fabric to just return traffic, since the rest of my network (save the directly connected router) will not know about those routes outbound? And what about my customers who are counting on me routing their office traffic through my network into the peering fabric to their properties? (I have one specifically who is eventually looking for that capability) Do I have to provide them some sort of VPN to make that happen across my network to the peering fabric router?
>>
>
>perhaps I'm confused, but you have sort of this situation:
>  ixp-participants -> ixp -> your-router -> your-network -> your-customer
>
>you get routes for ixp-participants from 'ixp'
>you send to the 'ixp' (and on to 'ixp-participants') routes for
>'your-customer' and 'your-network'
>
>right?
>
>then so long as you send 'your-customer' the routes you learn from
>'ixp' (which you set 'next-hop-self' on in ibgp from 'your-router' to
>'your-network' (in the ibgp-mesh that you will setup) ... everything
>just works.
>
>All routers behind 'your-router' in 'your-network' see
>'ixp-participants' with a next-hop of 'your-router' who still knows
>'send to ixp!' for the route(s) in question.
>
>>>________________________________
>>> From: Patrick W. Gilmore <patrick@ianai.net>
>>> To: NANOG list <nanog@nanog.org>
>>> Sent: Tuesday, January 14, 2014 7:11 PM
>>> Subject: Re: best practice for advertising peering fabric routes
>>>
>>>Pardon the top post, but I really don't have anything to comment below other than to agree with Chris and say rfc5963 is broken.
>>>
>>>NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP LAN should not be reachable from any device not directly attached to that LAN. Period.
>>>
>>>Doing so endangers your peers & the IX itself. It is on the order of not implementing BCP38, except no one has the (lame, ridiculous, idiotic, and pure cost-shifting BS) excuse that they "can't" do this.
>>>
>>>--
>>>TTFN,
>>>patrick
>>>
>>>
>>>On Jan 14, 2014, at 21:22 , Christopher Morrow <morrowc.lists@gmail.com> wrote:
>>>
>>>> On Tue, Jan 14, 2014 at 9:09 PM, Cb B <cb.list6@gmail.com> wrote:
>>>>> On Jan 14, 2014 6:01 PM, "Eric A Louie" <elouie@yahoo.com> wrote:
>>>>>>
>>>>>> I have a connection to a peering fabric and I'm not distributing the
>>>>>> peering fabric routes into my network.
>>>>>>
>>>>
>>>> good plan.
>>>>
>>>>>> I see three options
>>>>>> 1. redistribute into my igp (OSPF)
>>>>>>
>>>>>> 2. configure ibgp and route them within that infrastructure. All the
>>>>>> default routes go out through the POPs so iBGP would see packets destined
>>>>>> for the peering fabric and route it that-a-way
>>>>>>
>>>>>> 3. leave it "as is", and let the outbound traffic go out my upstreams and
>>>>>> the inbound traffic come back through the peering fabric
>>>>>>
>>>>
>>>> 4. all peering-fabric routes get next-hop-self on your peering router
>>>> before going into ibgp...
>>>> all the rest of your network sees your local loopback as nexthop and
>>>> things just work.
>>>>
>>>>>> Advantages and disadvantages, pros and cons? Recommendations?
>>>>>> Experiences, good and bad?
>>>>>>
>>>>>>
>>>>>> I have 5 POPs, 2 OSPF areas, and have not brought iBGP up between the
>>>>>> POPs yet. That's another issue completely from a planning perspective.
>>>>>>
>>>>>> thanks
>>>>>> Eric
>>>>>>
>>>>>
>>>>> http://tools.ietf.org/html/rfc5963
>>>>>
>>>>> I like no-export
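
Added example, not part of the original thread: a small Python model of BGP next-hop resolution that compares the designs discussed above, showing that next-hop-self lets internal routers use the ixp-participant routes while the IXP LAN prefix stays out of the IGP. All addresses are constructed sample values, and the internal routing table is assumed to hold only internal prefixes (no default route).

```python
import ipaddress

# Constructed sample addressing (documentation/private ranges), not from the thread.
IXP_LAN = ipaddress.ip_network("192.0.2.0/24")            # peering fabric LAN
LOOPBACK = ipaddress.ip_address("10.255.0.1")             # 'your-router' loopback
EBGP_ROUTES = {                                           # learned from 'ixp'
    ipaddress.ip_network("198.51.100.0/24"): ipaddress.ip_address("192.0.2.10"),
}
INTERNAL_IGP = [ipaddress.ip_network("10.255.0.0/24"),    # loopbacks
                ipaddress.ip_network("10.0.0.0/16")]      # internal links

def igp_lookup(igp_table, addr):
    """Longest-prefix match of addr in the IGP table; None if unreachable."""
    matches = [n for n in igp_table if addr in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None

def advertise_into_ibgp(ebgp_routes, next_hop_self):
    """Routes as 'your-router' sends them to iBGP neighbours. The eBGP next hop
    (an address on the IXP LAN) is kept unless next-hop-self rewrites it."""
    return {p: (LOOPBACK if next_hop_self else nh) for p, nh in ebgp_routes.items()}

def usable_routes(ibgp_routes, igp_table):
    """An internal router can use a BGP route only if its next hop resolves."""
    return {p for p, nh in ibgp_routes.items()
            if igp_lookup(igp_table, nh) is not None}

def ixp_lan_leaks(igp_table):
    """IGP prefixes overlapping the IXP LAN; must be empty on internal routers."""
    return [n for n in igp_table if n.overlaps(IXP_LAN)]

def compare():
    """Usable route count and IXP LAN leaks for each design."""
    designs = {
        "IXP LAN carried in IGP, no next-hop-self": (False, INTERNAL_IGP + [IXP_LAN]),
        "iBGP without next-hop-self": (False, INTERNAL_IGP),
        "iBGP with next-hop-self (option 4)": (True, INTERNAL_IGP),
    }
    return {name: (len(usable_routes(advertise_into_ibgp(EBGP_ROUTES, nhs), igp)),
                   ixp_lan_leaks(igp))
            for name, (nhs, igp) in designs.items()}

if __name__ == "__main__":
    for name, (usable, leaks) in compare().items():
        print(f"{name}: usable={usable} ixp_lan_in_igp={[str(n) for n in leaks]}")
```

Only the next-hop-self design gives a usable route with no IXP LAN prefix in the internal table; the same `ixp_lan_leaks` check can be pointed at prefixes exported from a real router's table.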
