[86281] in North American Network Operators' Group
Re: oh k can you see
daemon@ATHENA.MIT.EDU (Joe Maimon)
Mon Oct 31 17:47:12 2005
Date: Mon, 31 Oct 2005 17:46:45 -0500
From: Joe Maimon <jmaimon@ttec.com>
To: Randy Bush <randy@psg.com>
Cc: nanog <nanog@merit.edu>
In-Reply-To: <17254.39054.93632.763983@roam.psg.com>
Errors-To: owner-nanog@merit.edu
Randy Bush wrote:
> so a few of us are still looking at routing through the anycast
> sunglasses. a particular probe is seeing instability [0] for
> k.root-servers.net [1]. so we hop on to a router nearby, and
>
> o this obscures their path to k1
>
> o and, as they obey k0's NO_EXPORT, they can not export any
> route to a k.root-servers.net server to t0
Isnt this the standard problem? Why does anycast have any special
bearing on the problem? (perhaps it doesnt you just want someone to fix it)
My amateurs understanding of this is that:
Sites connected to providers who have chosen a path marked as NO_EXPORT
as best over one not so marked will not get any route to that prefix
from that provider. They better hope that they are connected to another
provider who did not select as best path a NO_EXPORT marked prefix.
A number of conclusions can possibly be made:
NO_EXPORT is not safe to be used while trying to traffic engineer but
maintain global connectivity.
NO_EXPORT is only safe for more specific prefixes, as long as there is a
less specific prefix that is still usuable.
NO_EXPORT to a large provider with potential large numbers of single
homed BGP customers who may not be taking a 0/0 (in an attempt to use
SAV?) is probably not a good idea
NO_EXPORT to large providers raises the probablity of there being sites
who multihome to only those, therefore NO_EXPORT to multiple large
providers is almost certainly dangerous.
traffic engineering done by the core based upon instructions from the
edge is dangerous.
