[c-nsp] Best Practice - Downstream BGP Customer - Advertising Point to Point

Saku Ytti saku at ytti.fi
Wed Apr 7 02:41:12 EDT 2010


On (2010-04-06 18:43 -0400), Paul Stewart wrote:

 
> This particular downstream customer is multihomed and their monitoring
> platform doesn't have the ability to handle BGP related trap events properly
> at this time.  Their hope was that they could verify via a simple ping test
> if connectivity was up, understanding that BGP could be down while their
> interface is still up ...

Perhaps I misunderstood something here, but from your description I
understood that the customer is capable of monitoring interface up/down
status, but this is not satisfactory in guaranteeing end-to-end connectivity.
However, if the interface is UP, couldn't they simply ping your end, as they
would be able to redistribute the prefix to IGP? And as they won't get the /30
route from the Internet, the best route when the interface is up would always
point to the link.

Monitoring/alarm chain would be
 1) is interface up?
 2) is BGP neighbour pingable?
 3) is BGP session up? (which they may be unable to monitor)

> What do other folks do for downstream customers?  Our answer in the past is
> "it's not our problem" which is what we've seen from upstream providers in
> the past hence why we moved to BGP traps for alarms...

We don't route the linknet at all for transit customers, and for customers
with managed CPE we do this:
int foo
 ip address 10.10.10.0 255.255.255.254
!
ip route 10.10.10.1 255.255.255.255 foo

So even for managed customers we guarantee that the PE side address is only
reachable to customers connected to the router. We do this in an effort to
remove attack points from the router.

-- 
  ++ytti
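
The three-step monitoring/alarm chain from the message above, as an added example that is not part of the original post and was not written by its author. It assumes a Linux monitoring host with iputils `ping`; the function names, the state labels, and the interface name `eth0` are hypothetical.

```python
import subprocess
from pathlib import Path
from typing import Callable, Optional

Probe = Callable[[], bool]

def link_is_up(ifname: str) -> bool:
    """Step 1: Linux operstate of the uplink interface."""
    try:
        return Path(f"/sys/class/net/{ifname}/operstate").read_text().strip() == "up"
    except OSError:
        return False  # unknown interface or non-Linux host counts as down

def neighbor_pingable(addr: str, count: int = 3, wait_s: int = 2) -> bool:
    """Step 2: at least one ICMP echo reply from the provider end of the link."""
    try:
        rc = subprocess.run(
            ["ping", "-c", str(count), "-W", str(wait_s), addr],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
            timeout=count * wait_s + 5,
        ).returncode
    except (OSError, subprocess.TimeoutExpired):
        return False
    return rc == 0

def evaluate_chain(link: Probe, ping: Probe, bgp: Optional[Probe] = None) -> str:
    """Run the checks in order; the first failure names the alarm.

    Later probes are skipped once an earlier one fails, so a down link
    raises one alarm instead of three.
    """
    if not link():
        return "LINK_DOWN"
    if not ping():
        return "NEIGHBOR_UNREACHABLE"
    if bgp is None:
        # Step 3 cannot be monitored: a ping reply does not prove the
        # BGP session is up, so report that explicitly.
        return "OK_BGP_UNVERIFIED"
    return "OK" if bgp() else "BGP_DOWN"

if __name__ == "__main__":
    # Constructed values: "eth0" is hypothetical; 10.10.10.0 is the
    # interface address from the configuration in the post.
    print(evaluate_chain(lambda: link_is_up("eth0"),
                         lambda: neighbor_pingable("10.10.10.0")))
```
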

