[c-nsp] BGP - Announcing routes to Internet providers.

David Freedman david.freedman at uk.clara.net
Thu Jan 7 09:09:20 EST 2010


Prior to MPLS, we null routed *all* our "supernets" (public aggregated
announcements) on *all* core routers, such that unknown traffic only made
it as far as the nearest core (of which there are at least two in each
PoP). Of course, if your ASN becomes partitioned then you have to be
prepared to deal with this, our solution being never to allow the AS to
be partitioned by building a highly resilient topology :)

More specific customer networks in BGP were tagged by route-map and had
our "internal" communities applied plus "no-export" to ensure that they
couldn't be leaked by accident (say, if border community filtering failed
somehow).

When you add MPLS into the mix (for internet routing, not just VPN) your
border router becomes an LER, and as such you can't take advantage of the
core routers and have them be MPLS-only LSRs at the same time.
One solution may be to inject your supernets from your sources (i.e.
reflectors), perhaps with a bogus next hop (i.e. with enough validity to
be announced but not forwarding if it ever became a valid route for
traffic to follow at the edge).

Hope this helps

Dave./

Drew Weaver wrote:
> Howdy,
> 
> I am trying to figure out if there is a different/newer/better(?) way to announce our public IP ranges to our Internet providers. Currently we are declaring our subnets in 'network statements' in the BGP configuration, we have static routes set up like ip route x.x.x.x 255.255.224.0 Null0 254, and then we have an extended access-list applied to each peer with our net blocks listed in them.
> 
> It appears that because of the network statements, the supernet routes (/18s, /19s, etc.) are being distributed via BGP to the rest of the network, which is by design (I assume). This doesn't seem ideal because if traffic is sent to an IP address that doesn't have a more specific route than, say, a /18 or /19, it travels all the way through the network to the edge before stopping. I might be blowing the impact of this out of proportion, but it just seems like a waste of resources.
> 
> Does anyone know of a seemingly more sensible way of doing this?
> 
> -Drew

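As an added illustration of the pre-MPLS design Dave describes (supernets pulled up to Null0 on the core, customer more-specifics tagged with an internal community plus no-export, and a community filter at the border as a backstop), here is a Cisco IOS-style configuration sketch that is not from the thread. The supernet 10.0.0.0/19, AS 64512, the peer ASNs and the neighbor addresses are placeholders, and it uses a prefix-list where Drew's setup uses an extended ACL.

```cisco
! --- Core routers (every one of them) ---
! Pull-up route: the /19 is reachable for the network statement, and any
! destination with no more specific route is dropped here, not at the edge.
! Distance 254 keeps a real route to the same prefix preferred if one appears.
ip route 10.0.0.0 255.255.224.0 Null0 254

! --- Tagging customer more-specifics (applied on the customer session) ---
ip community-list standard INTERNAL permit 64512:100

route-map CUSTOMER-IN permit 10
 set community 64512:100 no-export additive

! --- Border backstop: drop anything carrying the internal community even
! if no-export were somehow lost, and only let the supernet out ---
ip prefix-list SUPERNETS-OUT seq 5 permit 10.0.0.0/19

route-map TRANSIT-OUT deny 10
 match community INTERNAL
route-map TRANSIT-OUT permit 20

router bgp 64512
 ! The network statement originates the aggregate from the Null0 pull-up.
 network 10.0.0.0 mask 255.255.224.0
 ! Customer (placeholder addresses and ASN): tag its more-specifics inbound.
 neighbor 10.255.0.1 remote-as 64513
 neighbor 10.255.0.1 route-map CUSTOMER-IN in
 ! Transit provider (placeholder): prefix-list plus community filter outbound.
 neighbor 192.0.2.1 remote-as 65000
 neighbor 192.0.2.1 prefix-list SUPERNETS-OUT out
 neighbor 192.0.2.1 route-map TRANSIT-OUT out
```

With this in place, a packet for an unused address inside the /19 matches the Null0 route on the first core router it reaches and is discarded there, while the customer more-specifics stay inside the AS because both the no-export community and the outbound filters stop them at the border.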