At 02:08 PM 4/3/2002 -0800, you wrote:
>How do people allocate addresses for the loopback interfaces of their routers?
>
>Obviously loopback interfaces are a Good Thing for OSPF and BGP stability.
>
>What scheme do people use to allocate them?
>
>My situation is I am bringing up a new datacenter with a limited address
>space. I don't want to subnet its /24 to assign loopbacks from that. I
>think using RFC1918 addresses would be a bad thing (does the router ID
>address need to be reachable from the BGP peer? In any event, it could
>lead to router ID collision if another customer of the upstream uses the same
>RFC1918 address.)
>
>I don't think using an address from some other space I have in another
>datacenter is a good idea - the BGP announcements for that address would
>originate on the other side of the country. Does that matter? It also
>makes aggregation impossible for that range... Is that my best solution?
>Or am I missing something obvious?

I did Netzero's in 1918 space without any problems. One of the
benefits was a nice numbering scheme internally where you didn't have to
worry about space.

10.10.10.1x LA
10.10.10.2x San Jose
etc., or another scheme if it makes you happy.

The loopback should be the source interface for telnet, ssh, tftp,
logging, etc., which gives you a bit of security so things aren't routable
outside your network. Of course you should have ACLs anyway.

Also, our multi-hop iBGP sessions internally would die correctly if
sites became separated due to outages. While this sounds incredibly flaky
and insane, it worked well since we never had our own IP space. Probably not
something you want to actually "plan" to happen.

I was a fan of peering directly to interfaces vs. loopbacks since
it seemed to be pointless in a single-connection scenario and adds
complexity in a multiple-FE-connection-across-a-switch-fabric scenario. I
never had downstreams either.

I don't think the router ID matters if you're peering by
interfaces, but I don't have anything running BGP currently to check and
can't recall. This link might help since update-source loop is missing from
external peer groups, but it doesn't really give a definitive answer.

Ramin
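
An added example, not part of the original message: a small audit that checks router configs against the practice described in the reply (RFC 1918 loopbacks, management traffic sourced from the loopback) and flags the duplicate-loopback collision the question worries about. It assumes Cisco IOS-style command syntax; the hostnames, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed Cisco IOS-style commands for the services named in the reply.
SERVICES = {"telnet": "ip telnet source-interface", "ssh": "ip ssh source-interface",
            "tftp": "ip tftp source-interface", "logging": "logging source-interface"}

def loopback_address(config, name="Loopback0"):
    """Return the IPv4 address configured under `interface <name>`, or None."""
    in_block = False
    for line in config.splitlines():
        if not line.startswith(" "):      # an unindented line opens or closes a block
            in_block = line.strip().lower() == f"interface {name}".lower()
        elif in_block:
            m = re.match(r"\s+ip address (\S+) \S+", line)
            if m:
                return ipaddress.ip_address(m.group(1))
    return None

def audit(configs, loopback="Loopback0"):
    """configs: {hostname: config text}. Returns findings ordered by hostname."""
    findings, seen = [], {}
    for host, text in sorted(configs.items()):
        lines = [l.strip() for l in text.splitlines()]
        addr = loopback_address(text, loopback)
        if addr is None:
            findings.append(f"{host}: no address on {loopback}")
        else:
            if not any(addr in net for net in RFC1918):
                findings.append(f"{host}: {loopback} {addr} is not RFC 1918")
            if addr in seen:              # same loopback on two routers
                findings.append(f"{host}: {loopback} {addr} duplicates {seen[addr]}")
            seen.setdefault(addr, host)
        for svc, cmd in SERVICES.items():
            if f"{cmd} {loopback}" not in lines:
                findings.append(f"{host}: {svc} not sourced from {loopback}")
    return findings

# Constructed sample configs (not taken from the post).
SAMPLE = {
    "la-r1": "interface Loopback0\n ip address 10.10.10.11 255.255.255.255\n!\n"
             "ip telnet source-interface Loopback0\nip ssh source-interface Loopback0\n"
             "ip tftp source-interface Loopback0\nlogging source-interface Loopback0\n",
    "sj-r1": "interface Loopback0\n ip address 10.10.10.11 255.255.255.255\n!\n"
             "ip ssh source-interface Loopback0\nlogging source-interface FastEthernet0/0\n",
}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
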
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:39 EDT