[c-nsp] bgp & static default route?

Stephen J. Wilcox steve at telecomplete.co.uk
Sat Aug 27 15:28:47 EDT 2005


On Fri, 26 Aug 2005, David Barak wrote:

> Anecdote related to defaults:
> 
> I was talking to Patrick Gilmore about a stupid coworker when I was working at
> {very,very large ISP} - I mentioned how this coworker had logged into an edge
> router with > 1000 or so customers, and SHUT DOWN THE LOOPBACK address.  This
> of course totally hosed the iBGP, but even worse, the customers (for the most
> part) stayed up, so they were totally blackholing traffic.  Even worse, this
> was the TACACS+ source interface, so TACACS didn't work, and the sudden change
> had caused the console port to become unresponsive.  A tech had to go out to
> the site to reload the router (which was > 2 hours outside a "major" city) -
> total outage downtime, ~4 hours.
> 
> His response to me: "why don't you always have a default pointed up one of
> your uplinks"?

That may not help; what if he had shut the interface that the default pointed 
on? That's the nice thing about routing protocols: you don't force routes that 
can't get out, and 99.9% of the time it will correctly fail over if things break.

The answer to this is you should have fallback to local authentication, plus 
ensure you can connect from your directly connected core routers.

Steve
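
The two measures suggested in the reply above (local authentication as a fallback, and management access from the directly connected core routers), sketched as Cisco IOS configuration. This is an added example, not part of the original post; the username, the ACL name MGMT-IN and the 192.0.2.x addresses are constructed placeholders.

```cisco
! Constructed example: names, secret and addresses are placeholders.
aaa new-model
!
! Weak form: TACACS+ is the only login method, so when the server is
! unreachable (e.g. the source interface is down) nobody can log in.
!   aaa authentication login default group tacacs+
!
! Corrected form: try TACACS+ first, fall back to the local user database.
! "local" is consulted only when no TACACS+ server answers (timeout/error),
! not when TACACS+ answers and rejects the login.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
!
! Break-glass account used only by the fallback method above.
username fallback-admin privilege 15 secret <STRONG-UNIQUE-SECRET>
!
! As in the anecdote: TACACS+ is sourced from the loopback, so losing
! Loopback0 also loses TACACS+ reachability.
ip tacacs source-interface Loopback0
!
! Allow management sessions from the link addresses of the directly
! connected core routers, which stay reachable without iBGP or the loopback.
ip access-list standard MGMT-IN
 permit 192.0.2.1
 permit 192.0.2.5
 deny   any log
!
line con 0
 login authentication default
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
 login authentication default
```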


