[c-nsp] BGP - Announcing routes to Internet providers.

Bob Tinkelman bob at tink.com
Sat Jan 9 09:33:17 EST 2010


I know I'm replying to an email from the beginning of the thread, but...

>> I am trying to figure out if there is a
>> different/newer/better(?) way to announce our public IP
>> ranges to our Internet providers, currently we are declaring
>> our subnets in 'network statements' in the BGP
>> configuration, we have static routes set up like ip route
>> x.x.x.x 255.255.224.0 Null0 254 and then we have an extended
>> access-list applied to each peer with our net blocks listed
>> in them.

>> It appears that because of the network statements, the
>> supernet routes (/18s, /19s, etc) are being distributed via
>> BGP to the rest of the network which is by design (I assume).
>> This doesn't seem ideal because if traffic is sent to an IP
>> address that doesn't have a more specific route than say
>> /18, or /19 it travels all the way through the network to
>> the edge before stopping. I might be blowing the impact of
>> this out of proportion, but it just seems like a waste of
>> resources.

>> Does anyone know of a seemingly more sensible way of doing
>> this?

> You could always tag these hold-down routes with a
> community, then when someone sends a packet to them, the
> next-hop could be rewritten to a local discard/null0
> instance.

> This should allow you to distribute the load instead of
> backhauling the traffic to the final destination/aggregation
> location.

> - Jared

I can think of one possible trap here when implementing this
on a network where

  o  Some routers have only partial routing tables.

  o  Jared's suggestion to black-hole the hold-down routes
     is implemented on these routers (and not just on edge
     routers, as was suggested elsewhere in the thread).

  o  Subnets of an aggregate are allocated to dual-homed
     customers.

Unless you arrange that upstream-heard BGP announcements of
these subnets are propagated to your partial-routing-table
routers, those routers will be unable to reach the dual-
homed customers when their link to you is down, even if their
link to another upstream is working.


The above may seem like a very unusual combination of
circumstances, but Cogent has been known to commit a very
similar sin on the edge portions of their net between their
"A-peers" and "B-peers".


- Bob
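
The trap described in the message above, as an added example that is not part of the original post: a longest-prefix-match simulation of a partial-table router that black-holes the hold-down aggregate locally. The prefixes, next-hop names and the preference for the direct customer route are constructed assumptions.

```python
import ipaddress

DISCARD = "Null0"            # local discard for the hold-down aggregate
EDGE = "edge-router"         # where upstream-heard routes and the default point
CUSTOMER = "customer-link"   # direct link to the dual-homed customer

AGGREGATE = ipaddress.ip_network("10.10.0.0/19")      # constructed aggregate
CUSTOMER_NET = ipaddress.ip_network("10.10.4.0/24")   # constructed customer subnet


def build_table(link_up, upstream_specific_propagated):
    """Routing table of a partial-table router with the aggregate black-holed."""
    table = {
        ipaddress.ip_network("0.0.0.0/0"): EDGE,  # partial table: default only
        AGGREGATE: DISCARD,                        # community-tagged hold-down
    }
    if upstream_specific_propagated:
        table[CUSTOMER_NET] = EDGE      # /24 as heard back from an upstream
    if link_up:
        table[CUSTOMER_NET] = CUSTOMER  # assumption: direct route is preferred
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    best = max((net for net in table if addr in net), key=lambda n: n.prefixlen)
    return table[best]


def scenario(link_up, upstream_specific_propagated, dst="10.10.4.25"):
    """Next hop chosen for dst under the given link and propagation state."""
    return lookup(build_table(link_up, upstream_specific_propagated), dst)


if __name__ == "__main__":
    for link_up, propagated in [(True, False), (False, False), (False, True)]:
        print(f"link_up={link_up} propagated={propagated} -> "
              f"{scenario(link_up, propagated)}")
    # Unallocated space inside the aggregate is still dropped locally.
    print("unallocated ->", scenario(False, True, dst="10.10.30.1"))
```

With the customer link down and no upstream-heard /24 in the table, the aggregate's discard route wins over the default, so the customer is unreachable even though the edge could deliver the traffic.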

