[173154] in North American Network Operators' Group
Re: Best practice for BGP session/ full routes for customer
daemon@ATHENA.MIT.EDU (Mark Tinka)
Thu Jul 17 20:39:52 2014
X-Original-To: nanog@nanog.org
From: Mark Tinka <mark.tinka@seacom.mu>
To: Jeff Tantsura <jeff.tantsura@ericsson.com>
Date: Fri, 18 Jul 2014 02:39:12 +0200
In-Reply-To: <CFE95FC7.69BC1%jeff.tantsura@ericsson.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Reply-To: mark.tinka@seacom.mu
Errors-To: nanog-bounces@nanog.org
--nextPart1692484.0D4dpqEB4L
Content-Type: Text/Plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
On Monday, July 14, 2014 07:32:43 PM Jeff Tantsura wrote:
> Mark,
>=20
> BGP to RIB filtering (in any vendor implementation) is
> targeting RR which is not in the forwarding path, so
> there=B9s no forwarding towards any destination filtered
> out from RIB.
> Using it selectively on a forwarding node is error prone
> and in case of incorrect configuration would result in
> blackholing.
As with every feature on a router, you need to know what=20
you're doing to make it work.
Don't blame the cows if you turn on knobs you have no=20
business using, or don't care to learn the risks of.
We use this feature in our network successfully, because we=20
know what we're doing, and care to understand the risks.
If I use it in a manner other than previously directed=20
(while I know it's a use-case, I've never heard of any=20
vendor saying it ONLY targeted out-of-path route reflectors,=20
but then again, I don't generally walk vendor corridors for=20
the scoop), well, welcome to the Internet; where core=20
routers can either be behemoths that move air the size of a=20
football field and could be mistaken for seismic detection=20
machines, or last generation's x86 home desktop running=20
Quagga and grandma's health app :-).
Mark.
--nextPart1692484.0D4dpqEB4L
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQIcBAABAgAGBQJTyGy0AAoJEGcZuYTeKm+GQ/MP/1XXzoilFkyJ3fMDa05uORNu
lAB7798KsxIkXOh5Y7iNAk0zm8Q0IA786u9mckJjPO0mq0N4xxlMus6FOtnfYrmn
1FENIsY5mU0i4BzfT3rP66k/ZaJS2e2QfXpGzd3dVbaCz8q4b+LQikSt7ucxCWEL
hz8canvWXm+F5HMSyZDzZHAqM3aw4P6n8jlzk3nOXKOjEso+xgG8AnElvDkVCEDH
c5nz2ou3AFSWTaipu6DBSLXVQa+RnLXmXwpRy2MlLbsPqXOw8/d09ZMfa27Fg4h/
on+gWJ9cYRDzTRbvHsuuMZqvI6cf7GM0+fqnvuPrUAuNXMO00U2rI6mpPp+cOGd1
jDf+5S0WP//4Ez4Yt2aJaWk7bfaW3ePiJJl5+scZ+Ms9u3l59A1UNWKdUiqewqud
boDXYtsjkK315zhQVOUCmP8XGy039aFUxTZuXxAu3onOpEehnvTV0csJMP2XNBOY
ckK/1h3KmyGENptlVUQ4Mgvn73BXjbly/k8eI6hh3cqcedlmzsG9FDOazQ7XQqyk
TVrQBmqsNbfXPHNdIR2BWZmV/UuO+dFo40EKyNvnH+y1deYA3k4DDqD5Om5txmsZ
mh1tkPE9Dj9x7Volt9A6m2lUXZKNST5ZRteCQQxzAvGEyCozVABvDSfBTcaDrBY1
ftyxCZsXO0sLwWfpn021
=QjKr
-----END PGP SIGNATURE-----
--nextPart1692484.0D4dpqEB4L--
