[c-nsp] ibgp TTL

JC Cockburn ccie15385 at gmail.com
Thu Oct 15 02:54:49 EDT 2009


Hi,
What about a simple ACL on the non-MPLS interfaces blocking BGP from loopback
of iBGP src -> loopback of iBGP dest? Am I missing the boat completely?

I know you don't want ACLs on any core intfs, but if you want funny
solutions you might have to do funny stuff...

Cheers

;-)

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Oliver Boehmer
(oboehmer)
Sent: Thursday, October 15, 2009 8:09 AM
To: David Freedman
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ibgp TTL

 
> How about explicit path TE with no autoroute announce (and only statics
> for these dedicated iBGP loopbacks?)

well, if the only path to the destination is through the "non-MPLS part
of the network", there will be no TE path available. so the tunnel will
go down and the statics go away, and IGP path will be chosen. Well, you
could add floating statics to Null0.. but this is certainly not "nice"
and requires a lot of manual work..

	oli

> >> More detail:
> >>
> >> I have a standard IP/MPLS backbone with MP-iBGP between PEs loopbacks
> >> with IS-IS L2 or OSPF area 0 as IGP.
> >>
> >> This IGP is extended to some non MPLS routers X.
> >>
> >> In some backbone link failures, IGP allows MP-iBGP to stay UP via X
> >> links (non MPLS).
> >>
> >> This specific IGP design introduces a L3VPN blackhole that can be
> >> solved by IGP prefix filtering or by limiting TTL for MP-iBGP
> >> sessions, if possible :)
> >
> > Hmm, you could also cause iBGP session to fail if you just add an
> > interface ACL not allowing iBGP between your PEs across the links not
> > running MPLS.
> >
> > Not sure if there is any real solution to this, other than increasing
> > the link metric towards the "non-MPLS-capable part" so much that MPLS
> > packets will not cross these links (or turn this part of the network
> > into a stub area to achieve the same).
> >
> > 	oli
> >
> >
> >
> >> On Wed, Oct 14, 2009 at 2:10 PM, Oliver Boehmer (oboehmer)
> >> <oboehmer at cisco.com> wrote:
> >> yes, only supported for ebgp. Would be interested about the "very
> >> specific design" and why Manu requires this functionality?
> >>
> >>        oli
> >>
> >>> AFAIK this command is for eBGP only, no?
> >>>
> >>> On Tue, Oct 13, 2009 at 10:07 PM, Matlock, Kenneth L
> >>> <MatlockK at exempla.org> wrote:
> >>>
> >>>> Router bgp <AS>
> >>>> Neighbor <AS> ttl-security hops <hops>
> >>>>
> >>>> ?
> >>>>
> >>>> Ken Matlock
> >>>> Network Analyst
> >>>> Exempla Healthcare
> >>>> (303) 467-4671
> >>>> matlockk at exempla.org
> >>>>
> >>>>
> >>>>
> >>>> -----Original Message-----
> >>>> From: cisco-nsp-bounces at puck.nether.net
> >>>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Manu Chao
> >>>> Sent: Tuesday, October 13, 2009 4:52 AM
> >>>> To: cisco-nsp at puck.nether.net
> >>>> Subject: [c-nsp] ibgp TTL
> >>>>
> >>>> For a very specific design, I need to limit TTL value in
> >>>> ibgp-multihop.
> >>>> Is it possible to limit iBGP TTL like we do with ebgp-multihop ttl
> >>>> command?
> >>>>
> >>>> Any input appreciated.
> >>>>
> >>>> Manu
> >>>>  _______________________________________________
> >>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>>> archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
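
The interface ACL suggested in this thread, written out as an added Cisco IOS example (not configuration posted by any participant). The loopback addresses 192.0.2.1 and 192.0.2.2, the ACL name and the interface are constructed placeholders; substitute the real PE loopbacks and the PE link that faces the non-MPLS router X.

```ios
! Constructed values: 192.0.2.1 and 192.0.2.2 stand for the two PE loopbacks,
! GigabitEthernet0/1 stands for the PE link towards non-MPLS router X.
ip access-list extended BLOCK-IBGP-VIA-X
 remark iBGP between PE loopbacks must not cross non-MPLS links
 ! Either PE may open the TCP session, so match port 179 as
 ! destination port and as source port, in both directions.
 deny   tcp host 192.0.2.1 host 192.0.2.2 eq bgp
 deny   tcp host 192.0.2.1 eq bgp host 192.0.2.2
 deny   tcp host 192.0.2.2 host 192.0.2.1 eq bgp
 deny   tcp host 192.0.2.2 eq bgp host 192.0.2.1
 ! Leave IGP adjacencies and all other IP traffic on the link alone.
 permit ip any any
!
interface GigabitEthernet0/1
 description link to non-MPLS router X
 ! Applied inbound: interface ACLs on IOS do not filter packets the
 ! router itself originates, so the filter has to catch the peer's
 ! packets as they arrive over the non-MPLS link.
 ip access-group BLOCK-IBGP-VIA-X in
```

The same ACL can be applied on the X-facing interface of each PE; when the only IGP path between the loopbacks runs through X, the MP-iBGP session then times out instead of staying up over a path that cannot carry labelled traffic.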


