[j-nsp] Only announce BGP learned networks

Chris Kawchuk juniperdude at gmail.com
Thu Feb 23 01:55:44 EST 2012


On 2012-02-23, at 1:25 AM, Patrick Okui wrote:

> Well, apart from l3vpns you'll typically want to have your 
> infrastructure addresses in your IGP and "internet/customer" addresses 
> in BGP. Default AD of 20 for eBGP in IOS means you'll believe an 
> advertisement from an external AS before say an OSPF or ISIS one for 
> the same exact prefix.[*]

Serendipitous timing of this discussion. Dunno if you guys watch the AUSNOG list.

Major outage in Telstra (AS1221) Australia today:
http://www.smh.com.au/technology/technology-news/internet-crashes-for-telstra-customers-20120223-1tpqq.html

A peer of Telstra ended up re-advertising all of Telstra's own routes back to Telstra as if they originated in the peer's ASN. (A BGP -> OSPF -> BGP redistribution most likely happened.)

If eBGP is better than IS-IS/OSPF, then all Telstra traffic (including routes to their own website and their own primary DNSs) went to the peer. Traffic ended up ping-pong'ing between the Peer and Telstra until TTL Expired. (I happen to be a Telstra xDSL subscriber as well at home - got a few traceroutes that looked like this).

Naturally a prefix-limit would have helped; or a route-filter prefix-list... alas apparently neither of these were in effect.

Fun and excitement down under... I have a feeling everyone is re-checking their BGP stanzas with a fine-toothed comb today. =)

- Chris.
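
The two safeguards named in the message above (a prefix-limit and a route-filter on the import side), sketched as a Junos configuration fragment with the unprotected peer group beside the protected one. This is an added example, not part of the original post and not any operator's actual configuration; the group and policy names, addresses, ASN and limit values are constructed placeholders.

```junos
policy-options {
    policy-statement peer-in {
        /* Reject our own address space, and any more-specifics, if a peer sends it back */
        term reject-own-space {
            from {
                route-filter 198.51.100.0/24 orlonger;
                route-filter 203.0.113.0/24 orlonger;
            }
            then reject;
        }
    }
}
protocols {
    bgp {
        /* Before: no import policy and no prefix-limit, so every route the peer sends is accepted */
        group peer-unfiltered {
            type external;
            peer-as 64511;
            neighbor 192.0.2.1;
        }
        /* After: import filter plus a ceiling on how many prefixes the peer may send */
        group peer-filtered {
            type external;
            peer-as 64511;
            import peer-in;
            family inet {
                unicast {
                    prefix-limit {
                        maximum 500;
                        teardown 80 idle-timeout 30;
                    }
                }
            }
            neighbor 192.0.2.2;
        }
    }
}
```

With `teardown`, the session is dropped once the peer exceeds `maximum`; the percentage only sets the point at which a warning is logged, and `idle-timeout` is the number of minutes before the session may re-establish.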