[c-nsp] IPV6 RTBH on IOS

Gert Doering gert at greenie.muc.de
Tue May 3 03:51:49 EDT 2016


Hi,

On Tue, May 03, 2016 at 09:30:20AM +0200, Marco Marzetti wrote:
> > I have a feature request to at least add a knob for "please use GUA
> > next-hop!" - CSCut26765 - it was opened by a friendly Cisco developer,
> > and I have no read access to it, so no idea whether it's proceeding or
> > not.  But if you have interest in getting this fixed, please open a
> > case and link to it...
> 
> As far as I can see there are two valid options for that:
> 1) route-map + disable-connected-check
> 2) bgp table-map
> 
> And on XR (5.3.1) you only need the route-policy.
> 
> Why do we need yet another knob?

The general concept of "you peer over a GUA, but do not use your peer's
IPv6 address for forwarding but something different" is fragile.  We've
seen cases where the peer router had problems with neighbour discovery on
his link-local-address - but ND on the GUA worked fine.  So BGP comes up,
prefixes are learned, installed in the FIB, and forwarding fails due to
missing ND entry -> black-holing, and it's quite hard to notice & monitor
this.

There is no advantage in using the link-local address as forwarding next-hop
here - and a number of disadvantages.

(This is different from OSPFv3 which actually *talks* on the LLAs, so using
LLAs for the FIB is logical and robust)


On XR, you can do "set ipv6 next-hop peer-address", which works for most
cases (it fails for route-server setups), but that command on IOS is 
"not supported on ingress", so it doesn't do anything.

The special case of "I want to do RTBH" can be solved with the approaches
you've described, but this is a slightly wider issue which manifests in
different places again and again - so sorry for hijacking the thread for
my personal sandbox rant, but this REALLY needs fixing :-)

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
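
The failure mode described in the message above (route installed, next hop never resolved by ND) can be checked by joining FIB next hops against the neighbour cache. This is an added example, not part of the original post; the tuple layouts, interface names and sample entries are constructed, the state names are the usual abbreviations of the RFC 4861 neighbour states, and collecting the data from a router is assumed to happen elsewhere.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
# Neighbour states in which a link-layer address is known, so forwarding can work.
# INCMP (incomplete) or a missing entry means packets to that next hop are dropped.
USABLE_STATES = {"REACH", "STALE", "DELAY", "PROBE"}

# Constructed sample data (documentation prefix 2001:db8::/32), not router output.
# FIB entries: (prefix, next hop, outgoing interface)
SAMPLE_FIB = [
    ("2001:db8:100::/48", "fe80::1", "Gi0/1"),
    ("2001:db8:200::/48", "fe80::2", "Gi0/1"),
    ("2001:db8:300::/48", "2001:db8:ffff::2", "Gi0/2"),
    ("2001:db8:400::/48", "fe80::1", "Gi0/2"),
]
# Neighbour cache entries: (address, interface, state)
SAMPLE_ND = [
    ("fe80::1", "Gi0/1", "REACH"),
    ("fe80::2", "Gi0/1", "INCMP"),
    ("2001:db8:ffff::2", "Gi0/2", "REACH"),
]

def unresolved_next_hops(fib, nd_cache):
    """Return FIB entries whose next hop has no usable ND entry on the outgoing interface."""
    # Link-local addresses are only unique per link, so the key includes the interface.
    usable = {
        (ipaddress.ip_address(addr), ifname)
        for addr, ifname, state in nd_cache
        if state.upper() in USABLE_STATES
    }
    findings = []
    for prefix, next_hop, ifname in fib:
        nh = ipaddress.ip_address(next_hop)
        if (nh, ifname) not in usable:
            findings.append({
                "prefix": str(ipaddress.ip_network(prefix)),
                "next_hop": str(nh),
                "interface": ifname,
                "link_local": nh in LINK_LOCAL,
            })
    return findings

if __name__ == "__main__":
    for f in unresolved_next_hops(SAMPLE_FIB, SAMPLE_ND):
        kind = "link-local" if f["link_local"] else "global"
        print(f"{f['prefix']} via {f['next_hop']} ({kind}) on {f['interface']}: no usable ND entry")
```

On the sample data this flags the two prefixes whose link-local next hop is either incomplete or only known on a different interface, while the BGP session itself would give no hint of either.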