[175861] in North American Network Operators' Group
Re: Default routes on BGP routers with full feeds
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Nov 5 12:48:59 2014
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <A861DF6A-B4CB-4103-A55A-2119AE83516E@ip-only.se>
Date: Wed, 5 Nov 2014 09:48:00 -0800
To: Andreas Larsen <andreas.larsen@ip-only.se>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On Nov 4, 2014, at 10:49 PM, Andreas Larsen <andreas.larsen@ip-only.se> wrote:
>
> There is one setup where you would need a default route from your provider.
That may be true, but this isn’t it…
> If you have no IBGP between two sites and your prefix is a large /16 on one side and maybe a /18 from that /16 on another site. These sites would not be able to talk to each other if you originate from the same AS.
1. Don’t do this. No, really, this is like the old joke about “Doctor, Doctor, it hurts when I do this!”. Just get a second AS.
Supposed definition of an AS: “A collection of prefixes with a common routing policy”.
If you have a /18 advertised from group A and a /17 and a /18 advertised from group B (even if you’re pretending it’s a /16 and including the covered separate /18), then you have 3 (or pretending 2) prefixes which have different routing policies.
2. If you are going to do this, then you’re better off building a tunnel between the sites and setting up iBGP across the tunnel.
3. Another option is to coerce your BGP into accepting routes with your own AS in the AS PATH. This circumvents BGP loop detection, but if your two sites are stub sites (and I can’t imagine a scenario where you would do this with transit sites), then that is a pretty low risk. Further, you can filter out the potential loop routes pretty easily since you know which ones are local to each site, making that particular loop detection irrelevant.
> Other than that I see no harm in having both default and a full table since longest prefix match will always win even if you have 2 or more transits.
The harm is that instead of dropping traffic that can’t go anywhere, you’re passing it to someone else to drop for you. I suppose as long as you’re paying for the bandwidth used, it’s not a big deal, but it also breaks your ability to implement things like BCP38.
Owen
>
> // Andreas
> Kind regards
> Andreas Larsen
>
> IP-Only Telecommunication AB | Postal address: 753 81 UPPSALA | Visiting address: S:t Persgatan 6, Uppsala |
> Phone: +46 (0)18 843 10 00 | Direct: +46 (0)18 843 10 56
> www.ip-only.se <https://webmail.ip-only.net/owa/UrlBlockedError.aspx>
>> On 5 Nov 2014, at 02:41, Chris Rogers <crogers@inerail.net> wrote:
>>
>> We don't accept a default from anyone, but will send one to a customer when
>> specifically requested.
>>
>> We heavily filter all incoming routes (bogon, 1918, and many others). We
>> don't want data resorting to 0/0 and ::/0 when we specifically rejected the
>> matching route at the import policy.
>>
>> Additionally, if your upstream isn't announcing a route to you, where are
>> they going to send your traffic anyway?
>>
>> Regards,
>> Chris Rogers
>> +1.302.357.3696 x2110
>> http://inerail.net/
>>
>> On Tue, Nov 4, 2014 at 5:42 PM, Owen DeLong <owen@delong.com> wrote:
>>
>>> It seems in such a case, the traffic still doesn’t know where to go, but
>>> you don’t realize it because you have a default.
>>>
>>> Then you pass the traffic to one of the providers who doesn’t have a route
>>> for it and they drop it instead of you.
>>>
>>> If you see something different, then, by definition, said provider is not
>>> feeding you a full set of their tables, or, they, too, are depending on a
>>> default and are not receiving a full set of tables.
>>>
>>> Owen
>>>
>>>> On Nov 4, 2014, at 10:25 AM, Mike Walter <mwalter@3z.net> wrote:
>>>>
>>>> I have 5 providers and we get the default from all of them and full
>>>> routing tables.
>>>>
>>>> I have seen cases where if there is no default route, the traffic didn't
>>>> know where to go, even with full routes from all my providers.
>>>>
>>>> -Mike
>>>>
>>>> -----Original Message-----
>>>> From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Berry Mobley
>>>> Sent: Tuesday, November 04, 2014 12:47 PM
>>>> To: nanog@nanog.org
>>>> Subject: Default routes on BGP routers with full feeds
>>>>
>>>> I'm wondering how many of you who are multihomed also add default
>>>> routes pointing to your providers from whom you are receiving full feeds.
>>>>
>>>> If so, why? If not, why not?
>>>>
>>>> Thanks,
>>>>
>>>> Berry
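
An added example, not part of the original thread: a small Python model of the point made above about import filtering and default routes, showing that with a default installed, traffic to prefixes rejected at the import policy is still handed to an upstream instead of being dropped locally. The feed, filter list and upstream names are constructed for illustration.

```python
import ipaddress

# Constructed import filter: prefixes rejected at the BGP import policy
# (RFC 1918 space plus one documentation range standing in for "bogons").
REJECTED = [ipaddress.ip_network(p) for p in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "192.0.2.0/24")]

# Constructed stand-in for a full feed from two hypothetical upstreams.
FEED = [
    ("198.51.100.0/24", "upstream-A"),
    ("203.0.113.0/24", "upstream-B"),
    ("203.0.113.128/25", "upstream-A"),
    ("192.0.2.0/24", "upstream-B"),   # bogon announcement, filtered on import
]

def build_rib(feed, default_via=None):
    """Apply the import filter; optionally install a default route."""
    rib = {}
    for prefix, next_hop in feed:
        net = ipaddress.ip_network(prefix)
        if any(net.subnet_of(r) for r in REJECTED):
            continue                  # rejected by import policy
        rib[net] = next_hop
    if default_via:
        rib[ipaddress.ip_network("0.0.0.0/0")] = default_via
    return rib

def lookup(rib, dst):
    """Longest-prefix match; None means no route, so the packet is dropped here."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in rib if addr in n]
    if not matches:
        return None
    return rib[max(matches, key=lambda n: n.prefixlen)]

def compare(dst):
    """Next hop for dst without a default, then with a default via upstream-A."""
    return (lookup(build_rib(FEED), dst),
            lookup(build_rib(FEED, default_via="upstream-A"), dst))

if __name__ == "__main__":
    for dst in ("203.0.113.200", "203.0.113.5", "192.0.2.55", "10.1.2.3"):
        print(dst, compare(dst))
```

Destinations covered by an accepted route resolve identically in both tables, since the more specific route always wins; only the filtered or unrouted destinations change outcome, from a local drop to forwarding via the default.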