[25106] in North American Network Operators' Group


Re: IS-IS reference

daemon@ATHENA.MIT.EDU (Dave Cooper)
Mon Sep 13 19:19:56 1999

Date: Mon, 13 Sep 1999 16:17:54 -0700
From: Dave Cooper <dcooper@gulp.org>
To: Vadim Antonov <avg@kotovnik.com>
Cc: nanog@merit.edu
Mail-Followup-To: Vadim Antonov <avg@kotovnik.com>, nanog@merit.edu
In-Reply-To: <199909132239.PAA20535@kitty.kotovnik.com>; from Vadim Antonov on Mon, Sep 13, 1999 at 03:39:16PM -0700
Errors-To: owner-nanog-outgoing@merit.edu


1. Use IBGP and redistribute connected/static and when you can, aggregate
   those statics/connecteds at each router.
2. Use IGP (IS-IS level-2 or OSPF area0) for the backbone links and
   IBGP, Any-RP loopbacks. Don't add instability to your 
   IGP when you have IBGP that can take care of it much more efficiently. 
   As long as IGP can reach/see each router's loopback, IBGP will
   work great for connecteds/statics (just make sure you don't announce
   these specifics to your peers).
3. Don't use static routing for backbone links.... I am not sure how that
   even came up. Remember this is an NSP of some sort.
4. Do multicasting, just make sure you get clueful on it.  It's not rocket
   science... and with PIM sparse/dense, it's much easier than the DVMRP
   days.  (and make sure you get on a good IOS release and stay off the
   buggy releases)

-dave



Vadim Antonov wrote:
> 
> I think the right plan of action should be: a) design numbering plan allowing
> aggregation on per-location basis; b) design a dynamically-routed redundant
> backbone and c) attach tree-like access networks to the backbobne.
> 
> The backbone should not take _any_ routing information from the leaf networks.
> It would also help to keep strict access controls, and separate backbone routers
> from leaf access routers, so only the authorized backbone engineers can change
> things in those.
> 
> Leaf networks should do static routing, and no proxy ARP.  This way any damage from
> badly behaving hosts or apps is limited to the segment they're on.
> 
> And don't do multicasting.
> 
> Maybe we should start defensive networking classes? :)
> 
> --vadim
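
The per-location aggregation both messages call for, and the warning in point 2 not to announce the connected/static specifics to peers, can be checked mechanically. The following is an added example, not part of either post: it audits the prefix set sent to one external peer against the aggregates. The function and field names are hypothetical, and the prefixes are constructed from documentation ranges.

```python
import ipaddress


def _key(net):
    # Sort key that works across IPv4 and IPv6 (mixed versions do not compare).
    return (net.version, int(net.network_address), net.prefixlen)


def _covering(net, aggs):
    """Return the aggregate that strictly contains net, or None."""
    for agg in aggs:
        if net.version == agg.version and net != agg and net.subnet_of(agg):
            return agg
    return None


def audit(aggregates, internal_routes, announced_to_peer):
    """Compare what one external peer receives with the aggregation plan.

    aggregates        -- per-router or per-location summary prefixes
    internal_routes   -- connected/static prefixes carried in IBGP
    announced_to_peer -- prefixes actually sent on the external session
    """
    aggs = [ipaddress.ip_network(a) for a in aggregates]
    internal = {ipaddress.ip_network(r) for r in internal_routes}
    announced = {ipaddress.ip_network(p) for p in announced_to_peer}

    # Specifics that reached the peer although an aggregate covers them.
    leaked = [n for n in announced if _covering(n, aggs)]
    # Connected/static routes no aggregate covers: gaps in the numbering plan.
    unaggregated = [n for n in internal
                    if n not in aggs and not _covering(n, aggs)]
    # Aggregates the peer never receives: that space is invisible outside.
    missing = [a for a in aggs if a not in announced]

    def fmt(nets):
        return [str(n) for n in sorted(nets, key=_key)]

    return {"leaked": fmt(leaked), "unaggregated": fmt(unaggregated),
            "missing_aggregates": fmt(missing)}


# Constructed sample data (documentation prefixes, not from the thread).
AGGREGATES = ["198.51.100.0/24", "2001:db8:100::/40"]
INTERNAL = ["198.51.100.0/30", "198.51.100.64/26",
            "2001:db8:100:1::/64", "203.0.113.8/29"]
ANNOUNCED = ["198.51.100.0/24", "198.51.100.64/26"]

if __name__ == "__main__":
    for finding, prefixes in audit(AGGREGATES, INTERNAL, ANNOUNCED).items():
        print(f"{finding}: {prefixes}")
```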

