[j-nsp] Only announce BGP learned networks
Chris Kawchuk
juniperdude at gmail.com
Thu Feb 23 01:55:44 EST 2012
On 2012-02-23, at 1:25 AM, Patrick Okui wrote:
> Well, apart from l3vpns you'll typically want to have your
> infrastructure addresses in your IGP and "internet/customer" addresses
> in BGP. Default AD of 20 for eBGP in IOS means you'll believe an
> advertisement from an external AS before say an OSPF or ISIS one for
> the same exact prefix.[*]
Serendipitous timing of this discussion. Dunno if you guys watch the AUSNOG list.
Major outage in Telstra (AS1221) Australia today:
http://www.smh.com.au/technology/technology-news/internet-crashes-for-telstra-customers-20120223-1tpqq.html
A peer of Telstra ended up re-advertising all of Telstra's own routes back to Telstra as if it originated in the Peers ASN. (a BGP -> OSPF -> BGP redistribution most likely happened)
If eBGP is better than IS-IS/OSPF, then all Telstra traffic (including routes to their own website and their own primary DNSs) went to the peer. Traffic ended up ping-pong'ing between the Peer and Telstra until TTL Expired. (I happen to be a Telstra xDSL subscriber as well at home - got a few traceroutes that looked like this).
Naturally a prefix-limit would have helped; or a route-filter prefix-list... alas apparently neither of these were in effect.
Fun and excitement down under... I have a feeling everyone is re-checking their BGP stanzas with a fine toothed comb today. =)
- Chris.
More information about the juniper-nsp
mailing list