[c-nsp] Problems with peers that don't have full routing tables
Richard A Steenbergen
ras at e-gerbil.net
Sun Mar 4 15:28:24 EST 2007
On Sun, Mar 04, 2007 at 08:58:42AM -0400, Bob Tinkelman wrote:
> But obviously, the situation I was worried about was the
> common one where someone (yahoo in this instance) has
> upstream feeds of "default plus customer routes". I know
> that's a common configuration. (We recommend it for some
> of our customers.) I was surprised to discover that yahoo
> was configured this way, as I thought of them as "one of
> the big guys" (with big routers that could handle full
> routing tables).
I'm certain Yahoo is configured this way intentionally. It is a common
configuration among smart (through Juniper routing-instances) or large
(through dedicated border routers) networks to only carry internal and
customer routes in their peer-facing borders. This way if someone points
default or other non-customer routes at them across a peer, the packets
don't get very far (or there may simply be a default route which lets them
through, but which is carefully logged or rate-limited).

You should also be careful about announcing deaggregates to peers if those
peers also hear your aggregates but not your deaggregates via a customer
relationship. This is a method of stealing full inbound transit via a
peering relationship, which many big networks also watch for. The exact
scenario is outlined in example #3:

http://www.nanog.org/mtg-0610/presenter-pdfs/scholl-peering-dragnet.pdf
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
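
The check that the message says big networks watch for, sketched as an added example (not part of the original post and not any operator's actual tooling). It flags prefixes heard only over peering sessions whose covering aggregate, from the same origin AS, is heard over a customer session. The route tuple layout, the function name and all prefixes and AS numbers are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample RIB entries: (prefix, session type, origin AS).
# Prefixes and AS numbers are private/documentation values, not real data.
SAMPLE_ROUTES = [
    ("10.20.0.0/16", "customer", 64500),    # aggregate via customer session
    ("10.20.0.0/17", "peer", 64500),        # deaggregate, peer only
    ("10.20.128.0/17", "peer", 64500),      # deaggregate, peer only
    ("10.30.0.0/16", "customer", 64501),
    ("10.30.4.0/24", "customer", 64501),
    ("10.30.4.0/24", "peer", 64501),        # also heard via customer: consistent
    ("10.40.0.0/16", "peer", 64502),        # ordinary peer, no customer session
    ("2001:db8::/32", "customer", 64500),
    ("2001:db8:1::/48", "peer", 64500),     # IPv6 deaggregate, peer only
]


def find_peer_deaggregates(routes):
    """Return sorted (more_specific, covering_aggregate, origin_as) tuples for
    prefixes heard from peers but not from customers, where a shorter covering
    prefix with the same origin AS is heard over a customer session."""
    by_session = {"customer": defaultdict(set), "peer": defaultdict(set)}
    for prefix, session, origin in routes:
        if session in by_session:
            by_session[session][origin].add(ipaddress.ip_network(prefix))

    findings = []
    for origin, peer_nets in by_session["peer"].items():
        customer_nets = by_session["customer"].get(origin, set())
        # Only prefixes missing from the customer session are of interest.
        for net in peer_nets - customer_nets:
            covers = [agg for agg in customer_nets
                      if agg.version == net.version
                      and agg.prefixlen < net.prefixlen
                      and net.subnet_of(agg)]
            if covers:
                # Report the tightest covering aggregate.
                agg = max(covers, key=lambda n: n.prefixlen)
                findings.append((str(net), str(agg), origin))
    return sorted(findings)


if __name__ == "__main__":
    for specific, aggregate, origin in find_peer_deaggregates(SAMPLE_ROUTES):
        print(f"AS{origin}: {specific} via peer only, {aggregate} via customer")
```

A hit is a prompt to look at traffic levels on the two sessions, since a more-specific heard over peering can also be ordinary traffic engineering.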