[c-nsp] "pull-up" routes not actually preventing BGP damping ?
Mark Zipp
mark.r.zipp at gmail.com
Mon Sep 18 20:25:23 EDT 2006
Hi Jee,
On 18/09/06, Jee Kay <jeekay at gmail.com> wrote:
> What are you trying to achieve?
I'm trying to prevent AS internal instability being visible to eBGP peers.
> It seems you are saying your border
> either knows about the /8 from your core, or it knows about it from
> your static route. Either way, the route will always be present on
> your border.
>
The problem is that because Cisco IOS seems to automatically attach a
MED to the eBGP announced route, with the MED value being either the
IGP metric for the route or 0 for the sink route. As this MED change
causes an eBGP UPDATE, this causes the upstream router record this as
a route flap, if route dampening is enabled on the upstream router.
This completely defeats the purpose of trying to create a "pull up"
route in the first place - namely, to hide IGP instability from eBGP
peers, by avoiding WITHDRAWL/UPDATE cycles. However, this technique
seems to create UPDATE (IGP, MED=IGP metric)/UPDATE
(Null0,MED=0)/UPDATE (IGP,MED=IGP metric)/(etc.) cycles, which are
also considered by Cisco's IOS to be route flaps, triggering route
damping penalties, and potentially route suppression.
This wouldn't be an issue for more specific routes within the AS,
where the null0 route is for an aggregate - the MED would never change
because the aggregate pull up route would always be the one in the
RIB. However, it is an issue when, for example, the IGP carried route
is a /24, the sink route is the matching /24, and that /24 is also the
route size also announced to eBGP peers.
I've seen technique recommended in "Internet Routing Architectures,
2nd Ed", pg 325, "BGP" by Iljitsch van Beijnum, pg 77 and one or two
presentations from the various "OG" meetings. The examples seem to be
showing a matching internal and external prefix length.
I'm curious if attaching a changing MED is a relatively recent IOS
change, which I think would mean this technique needs to be either
abandoned or modified, because it creates successive BGP UPDATEs that
can trigger route damping. If IOS has always done this, then I'd think
this technique may have tiggered excessive route damping rather than
minimising it, for scenarios where the internal prefix length is the
same as that which is announced to eBGP peers that have damping
enabled.
> Why not just remove the AD on the static route? This would mean your
> advertisement will always use the static route as its source.
>
Then the sink route is put in the route/forwarding table, and would
therefore drop all packets towards this destination, rather than using
the IGP version to forward packets towards their destination.
Thanks,
Mark.
More information about the cisco-nsp
mailing list