[c-nsp] design ? - two POPs, same AS or different?

Bruce Pinsky bep at whack.org
Fri Aug 18 19:26:06 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Roldan, Brad wrote:
> Hi Matthew,
> 
> It is possible to have two POPs with the same ASN, although purists will
> argue that this violates some fundamental unspoken design rule. If you
> plan to also advertise the aggregate /20, you'll need to be careful
> about how you inject the route in your local tables. The Internet at
> large should be able to find your /22s in Europe and San Jose with no
> problems. Traffic at your POPs advertising the /20 will likely go to
> null0 if you just use the "aggregate-address" command. Without seeing
> your actual configs, I'm just guessing.
> 
> At the location(s) where you would want to advertise the /20, one
> possible solution would be something like...
> 
> router bgp <your ASN>
>  aggregate-address 10.10.0.0 255.255.240.0
> !
> ! Create a covering route, or a everything will go to Null0 
> ip route 10.10.0.0 255.255.240.0 <eBGP neighbor next hop IP>
> !
> 
> 
> The solution has some drawbacks, but gets the job done.
> 

Using a GRE tunnel to interconnect the sites, he could use conditional
advertisements to leak the /20 aggregate from one of the sites when the
other is no longer reachable.  When both sites are reachable, they simply
advertise the /22's.  The converse could be done as well to advertise only
the aggregate from both locations, then withdraw it at the reachable site
and advertise only the reachable /22's.

The reason for not using the same ASN at both sites is that an ASN implies
a contiguous administrative routing domain.  Clearly if the sites don't
have direct connectivity, they aren't contiguous.  A GRE tunnel is a hack
that can work, but just because you can, doesn't mean you should.

- --
=========
bep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE5kyOE1XcgMgrtyYRAthbAJ4qMK6oVnM//gjh2T0tDQ7+p2VqUgCg2MNb
0xcjrFdLO3c53xqZEn0bvNg=
=VRuc
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list