[67724] in North American Network Operators' Group
Re: BGP - weight
daemon@ATHENA.MIT.EDU (Sven Huster)
Wed Feb 18 06:44:53 2004
Date: Wed, 18 Feb 2004 11:44:16 +0000
To: nanog@merit.edu
Mail-Followup-To: sven@trapdoor.merit.edu, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0402151855310.4569-100000@a.mx.ict1.everquick.net>
From: Sven Huster <sven@huster.me.uk>
Errors-To: owner-nanog-outgoing@merit.edu
Thanks for anyone who answered.
Guess, we sorted it out now.
Sven
On Sun, Feb 15, 2004 at 07:31:46PM +0000, E.B. Dreger wrote:
>
...
>
> SH> As this is a small network internally everything is routed
> SH> via static routes.
>
> Except for the smallest of networks, I try to avoid static
> routes. It's additional work and opportunity for error. Using
> BGP + TCP MD5 auth, OSPF auth, hardcoded ARP entries, per-port
> MAC address restrictions, prefix lists, route maps, etc., one can
> run a dynamic network and still keep security under control.
>
>
> SH> R1 and R2 have full BGP views from the transit providers as
> SH> well as partial view from the peers.
>
> Why not arrange the routers and switch in a single VLAN? (Or did
> I misunderstand your earlier ASCII-art diagram?) I usually use
> something like:
>
> 10.0.0.1/32 local sinkhole
> 10.0.0.2/28 virtual router (HSRP/VRRP; maybe XRRP now)
> 10.0.0.3/28 physical router #1
> 10.0.0.4/28 physical router #2
> : : : : : : :
> 10.0.0.13/28 [routing] switch #2
> 10.0.0.14/28 [routing] switch #1
...
