[c-nsp] ebgp vs ibgp admin distance

Shakeel Ahmad shakeelahmad at gmail.com
Sat Aug 12 14:44:09 EDT 2006


In Philip's words:

"

The default distance for eBGP is 20, the default distance for iBGP is 200,
and the default distance for OSPF is 110. This means that there is a
potential for a prefix learned by eBGP to override the identical prefix
carried by OSPF. Recall from the Routing presentation that there is a
distinct separation between BGP and OSPF processes – prefixes present in
OSPF will never be found in BGP, and vice-versa. To protect against
accidents**, the eBGP distance is set to 200 also.


** There have been several incidents in the past where denial of service
attacks on ISP networks have been successful because ISPs have omitted basic
routing protocol security. Setting the BGP distances to be greater than any
IGP is one of the mitigation methods available."



regards,

Shakeel

On 8/11/06, david.ponsdesserre at uk.bnpparibas.com <david.ponsdesserre at uk.bnpparibas.com> wrote:
>
> You sure it's not
>
>         router bgp XXXX
>          bgp deterministic-med
>          no synchronization
>          no auto-summary
>          distance BGP 200 200 200
>
>
> On the other hand, is that a best practice for a VRF environment (MPLS) when
> the same prefix is learned via Ebgp (ad=20) and Mibgp (ad=200) because
> of a backdoor?
>
> Those prefixes are coming from two different BGP ASes, therefore the
> command bgp deterministic-med is not useful .....
>
> The command bgp always-compare-med is maybe the more appropriate one in
> that case ...
>
>
>
> Let me know what you think .
> Rgds
> David
>
> From: shakeelahmad at gmail.com
> Sent by: cisco-nsp-bounces at puck.nether.net
> Date: 11/08/2006 10:13
> To: sthaug
> cc: cisco-nsp
> Subject: Re: [c-nsp] ebgp vs ibgp admin distance
>
> Agreed to this... Philip Smith (Cisco) also recommended the same ... as best
> practice.
>
>
> Shakeel
>
>
> On 8/11/06, sthaug at nethelp.no <sthaug at nethelp.no> wrote:
> >
> > > Routes are matched against BGP best path selection. If you have same
> > > metrics/variables of a prefix received via eBGP and iBGP, eBGP will win.
> > >
> > > Then onto admin distance, 20 for ebgp, 200 for ibgp.
> >
> > I have seen several places where Cisco recommends setting admin distance
> > the same (200) for both EBGP and IBGP. A Cisco BGP workshop held in
> > Stockholm, Sweden in February 2003 (by Alvaro Retana and Daniel Walton)
> > recommended the following BGP template:
> >
> >         router bgp XXXX
> >          bgp deterministic-med
> >          no synchronization
> >          no auto-summary
> >          distance 200 200 200
> >
> > Steinar Haug, Nethelp consulting, sthaug at nethelp.no
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
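The effect described in the passage quoted from Philip Smith, as an added example that is not part of the original thread: a small Python audit that reads the BGP distances out of an IOS-style config and shows which source wins the RIB for an identical prefix. The sample configs, the AS number 64512 and the function names are constructed for illustration; the IS-IS (115) and RIP (120) defaults are added alongside the values quoted in the thread.

```python
import re

# Default administrative distances; eBGP 20, iBGP 200 and OSPF 110 are the
# values quoted in the thread, IS-IS and RIP are the usual IOS defaults.
DEFAULT_BGP = {"external": 20, "internal": 200, "local": 200}
IGP_DISTANCE = {"ospf": 110, "isis": 115, "rip": 120}

# Constructed sample configs (not taken from any real router).
DEFAULT_CONFIG = """\
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 64512
 no synchronization
 no auto-summary
"""
HARDENED_CONFIG = DEFAULT_CONFIG + " distance bgp 200 200 200\n"

def bgp_distances(config):
    """Return the effective external/internal/local BGP distances."""
    dist = dict(DEFAULT_BGP)
    in_bgp = False
    for line in config.splitlines():
        if not line.strip() or line.strip().startswith("!"):
            continue
        if not line[0].isspace():  # an unindented line opens a new stanza
            in_bgp = line.lower().startswith("router bgp")
            continue
        m = re.match(r"\s+distance bgp (\d+) (\d+) (\d+)\s*$", line, re.I)
        if in_bgp and m:
            dist = dict(zip(("external", "internal", "local"), map(int, m.groups())))
    return dist

def best_route(sources, dist):
    """For one prefix offered by several sources, lowest distance is installed."""
    return min(sources, key=lambda s: dist[s] if s in dist else IGP_DISTANCE[s])

def audit(config):
    """List the IGPs whose routes an eBGP-learned prefix would not lose to."""
    external = bgp_distances(config)["external"]
    return sorted(igp for igp, ad in IGP_DISTANCE.items() if external <= ad)

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        d = bgp_distances(cfg)
        print(name, d, "winner:", best_route(["ospf", "external"], d),
              "at risk:", audit(cfg))
```
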