[j-nsp] JUNOS Equivalent to CISCO IOS next-hop-self
Jan Czmok
czmok at gatel.net
Tue Dec 16 01:44:11 EST 2003
Michael Lyngbøl (michael at lyngbol.dk) wrote:
> On 15.12.2003 15:51:14 +0000, Jeff Wheeler wrote:
> > I question the utility in using next-hop-self on internal sessions, or
> > even eBGP import policy-statements. In my ASes, I keep the remote (/30)
> > next-hop and import the /30s into my IGP. This allows me to tweak the
> > metrics on those /30s as another means of controlling my egress paths.
>
> BGP MED or IGP metric to next-hop (router loopback). Only set
> next-hop-self on the eBGP ingress router, not on iBGP sessions.
[x] not everybody is using BGP med in the correct way :-(
> For eBGP peering session over a common IX LAN this practice is bad as
> you would carry, say, 195.66.225.254/23 as BGP next-hop; what happens if
> some one happens to inject 195.66.225.254/24 into your routing table?
[x] protect your infrastructure - it's a GoodIdea(tm) to reject
195.66.22x/23 or longer in your routing table. if most of us (a lot of
ISPs i know) use loopback redist'ed into IGP (usually IS-IS) and have
all their routes in bgp. if you next-hop the ibgp sessions, nothing
would happen if somebody injects this, so i second your opinion.
>
> > When you rewrite learnt next-hops to the addresses of your own routers,
> > you lose the ability to influence the IGP-cost step in BGP best-path
> > selection based on the specific eBGP peer.
>
> You would still choose the shortest IGP path to the next-hop (loopback
> address on egress router) if you overwrite next-hop on ingress.
>
--jan
--
Jan Czmok, Network Engineering & Support, Global Access Telecomm, Inc.
Ph.: +49 69 299896-35 - fax: +49 69 299896-40 - sip:13129*522 at inoc-dba.pch.net
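
The concern raised in the thread (a more-specific route covering an IX LAN next-hop) and the "reject the /23 or longer" filter, modelled as an added example that is not part of the original message. The function names, the 192.0.2.0/24 sample prefix and the simplified route table are assumptions made for illustration; 195.66.224.0/23 is the subnet containing the next-hop quoted above.

```python
import ipaddress

# Constructed sample data. The IX LAN is the /23 that contains the next-hop
# quoted in the thread (195.66.225.254/23 -> 195.66.224.0/23).
PROTECTED = [ipaddress.ip_network("195.66.224.0/23")]
CONNECTED = ["195.66.224.0/23"]
# The first entry is the injected more-specific; the second is an unrelated route.
BGP_LEARNED = ["195.66.225.0/24", "192.0.2.0/24"]


def import_filter(prefix, protected=PROTECTED):
    """Return True to accept a BGP-learned prefix, False to reject it.

    Rejects each protected subnet and anything longer (more specific),
    i.e. the "reject the /23 or longer" rule from the thread.
    """
    net = ipaddress.ip_network(prefix)
    return not any(net.version == p.version and net.subnet_of(p)
                   for p in protected)


def build_rib(connected, bgp_learned, filtered):
    """Connected routes plus BGP routes, optionally run through import_filter."""
    rib = [(p, "connected") for p in connected]
    rib += [(p, "bgp") for p in bgp_learned
            if not filtered or import_filter(p)]
    return rib


def resolve_next_hop(next_hop, rib):
    """Longest-prefix match of a BGP next-hop against (prefix, source) routes."""
    addr = ipaddress.ip_address(next_hop)
    matches = [(ipaddress.ip_network(p), src) for p, src in rib
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


if __name__ == "__main__":
    for filtered in (False, True):
        rib = build_rib(CONNECTED, BGP_LEARNED, filtered)
        net, src = resolve_next_hop("195.66.225.254", rib)
        print(f"filter={filtered}: next-hop resolves via {net} ({src})")
```

Without the filter the next-hop resolves through the BGP-learned /24 instead of the connected /23; with it, the /24 never enters the table and resolution stays on the connected route.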