[j-nsp] network engineering

Tore Anderson tore at linpro.no
Fri Feb 6 12:20:35 EST 2009


* Keegan.Holley at sungard.com

> Direct routes always take precedence over BGP unless it's configured
> otherwise so hopefully this address is in your IGP or next hop self is
> configured.  Also, if you're talking only about the directly connected
> route used for your peer, wouldn't the return traffic be your fault for
> advertising 123.0.0/30 to AS321 and vice versa?

The direct routes on the eBGP links are only to 123.0.0.0/30 and
321.0.0.0/30 in my example.  What I'm talking about is if someone sends
a ping from, say, 111.0.0.1 in AS111 (an AS to which I'm not connected),
to 321.0.0.2, and I want to reply to that ping.  This is what happens:

The ping packet will reach me through the link to AS321 due to the fact
that 321.0.0.2 is part of AS321's PA space; I have no control over that.
However, when my router is replying to that packet it'll look up the
route to 111.0.0.1, find that it's available as an eBGP route (_not_ as
a directly connected route) through both AS123 and AS321, and since
routes learnt from AS123 have a higher local preference my router will,
by default, route the ping reply packet using the route through AS123.
Which is in my opinion bad, since the source address of the ping reply
is 321.0.0.2, part of AS321's PA space, not my own.

I believe the same problem will occur if 111.0.0.1 does a traceroute to
somewhere inside my network and the inbound packets come through AS321,
the ICMP TTL exceeded-packets will be routed out through AS123 and
possibly be discarded.

Regards,
-- 
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
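
The reply path described in the message above, modelled as an added example that is not part of the original post. Assumptions: RFC 5737 documentation prefixes stand in for the thread's example addresses (321.0.0.0/30 is not a valid IPv4 prefix), the local-preference values are constructed, AS123 is assumed to apply strict source-address ingress filtering, and `source_aware_exit` is a hypothetical mitigation, not something the post proposes.

```python
import ipaddress as ip

# Constructed stand-ins for the thread's addresses (RFC 5737 ranges).
LINKS = {  # upstream -> provider-assigned (PA) /30 on that eBGP link
    "AS123": ip.ip_network("192.0.2.0/30"),     # stands in for 123.0.0.0/30
    "AS321": ip.ip_network("198.51.100.0/30"),  # stands in for 321.0.0.0/30
}
# The remote AS111 prefix is learnt over eBGP from both upstreams.
BGP_ROUTES = [
    {"prefix": ip.ip_network("203.0.113.0/24"), "via": "AS123", "local_pref": 200},
    {"prefix": ip.ip_network("203.0.113.0/24"), "via": "AS321", "local_pref": 100},
]

def default_exit(src, dst):
    """Destination-only lookup: longest match, then highest local preference.
    The source address plays no part, which is the behaviour in the post."""
    dst = ip.ip_address(dst)
    cands = [r for r in BGP_ROUTES if dst in r["prefix"]]
    if not cands:
        return None
    best = max(cands, key=lambda r: (r["prefix"].prefixlen, r["local_pref"]))
    return best["via"]

def source_aware_exit(src, dst):
    """Hypothetical mitigation: a packet sourced from a link's PA /30
    leaves through that same link; everything else uses the normal lookup."""
    src_addr = ip.ip_address(src)
    for upstream, net in LINKS.items():
        if src_addr in net:
            return upstream
    return default_exit(src, dst)

def upstream_accepts(upstream, src):
    """Assumed strict ingress filter: the upstream only accepts sources
    from the /30 it assigned to this link."""
    return ip.ip_address(src) in LINKS[upstream]

def trace_reply(src, dst, chooser):
    """Return (exit upstream, whether that upstream's filter accepts src)."""
    exit_as = chooser(src, dst)
    return exit_as, upstream_accepts(exit_as, src)

if __name__ == "__main__":
    # Echo reply sourced from the AS321 link address, destined to the AS111 host.
    for chooser in (default_exit, source_aware_exit):
        print(chooser.__name__, trace_reply("198.51.100.2", "203.0.113.1", chooser))
```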

