[c-nsp] (no subject)

Justin M. Streiner streiner at cluebyfour.org
Thu Oct 2 15:15:48 EDT 2014


On Thu, 2 Oct 2014, Paul Wozney wrote:

> Okay so I've got two BGP routers here, accepting partial routes - one
> carrier to each router. Each carrier advertises a default route. I use an
> as-path filter to limit learned routes to those of the carrier +1 ASn:
>
> ip as-path access-list 11 permit ^NNNN_[0-9]*$

Why are you doing this?  Unless you have hardware that can't handle full 
tables, there really isn't a need to do this and it can limit your options 
for avoiding an outage.

> One carrier has now had two outages in the last year where they've lost
> their upstream. They continue to advertise a default route to us, so our
> network experiences failures until we kill the link.

Do the more specific routes this provider normally advertises to you 
disappear (just leaving you with a default route from them) when this 
happens?  If no, then you need to yell at this provider for implementing a 
bad design.

> It strikes me that if we had FULL routes (and no default route accepted) we
> could react automatically to failures like this - we could share tables
> between the routers and if one carrier lost half their routes we'd pick
> them up from the other router.

Are you running IBGP between your two edge routers?

> Is this just how life with partial routes is? Or is there something else I
> can do?

If your provider is sending you routes that they don't actually have 
reachability to - you're going to see traffic get black-holed.  Whether 
you get full routes, a partial feed, or just default doesn't matter 
(much).  If your provider sends you a route, you are trusting that your
provider has reachability to that destination, or they can pass your traffic
to another provider who does, or will at least get you one AS closer to your
destination.  BGP, as presently deployed, has no easy way for you to 
determine which routes suddenly become invalid, and withdraw them in the 
situation you described above.

Getting full routes allows you to make more fine-grained routing decisions 
on how your outbound traffic flows; however, whether your routers can 
handle multiple full BGP feeds (IPv4 is over 512k routes today, and IPv6 
is closing in on 20k) depends greatly on your hardware.

jms
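
The as-path filter quoted above, evaluated against a few constructed AS paths (an added example, not part of the original thread). AS 64500 is a documentation ASN standing in for NNNN, the Cisco `_` delimiter is emulated with a Python regex, and the sketch assumes the carrier originates the default route itself, so its AS path is just the carrier's ASN.

```python
import re

# Cisco IOS "_" matches a delimiter: space, comma, braces, parentheses,
# or the start/end of the AS_PATH string. Only "_" is translated here;
# the rest of this particular pattern means the same thing in Python.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def cisco_to_python(pattern):
    """Translate a Cisco as-path regex into a compiled Python regex."""
    return re.compile(pattern.replace("_", CISCO_UNDERSCORE))


def permitted(pattern, as_path):
    """True if the AS_PATH string would hit the 'permit' entry."""
    return cisco_to_python(pattern).search(as_path) is not None


CARRIER = "64500"                 # constructed placeholder for NNNN
FILTER = f"^{CARRIER}_[0-9]*$"    # same shape as the filter in the thread

# Constructed sample routes: (prefix, AS_PATH as the router would show it)
ROUTES = [
    ("0.0.0.0/0",       "64500"),              # default, assumed carrier-originated
    ("198.51.100.0/24", "64500"),              # carrier's own prefix
    ("203.0.113.0/24",  "64500 64501"),        # carrier's direct customer (+1 AS)
    ("192.0.2.0/24",    "64500 64501 64502"),  # two ASes beyond the carrier
    ("192.0.2.128/25",  "645001"),             # different ASN sharing the digits
]


def accepted_prefixes(pattern, routes):
    """Prefixes whose AS_PATH passes the filter."""
    return [prefix for prefix, path in routes if permitted(pattern, path)]


if __name__ == "__main__":
    for prefix, path in ROUTES:
        verdict = "permit" if permitted(FILTER, path) else "deny"
        print(f"{verdict:6}  {prefix:18} AS_PATH: {path}")
```

The default route passes the filter on its AS path alone; nothing in the match reflects whether the carrier still has upstream reachability.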

