[j-nsp] Dealing with multihomed customer BGP primary/backup links
Harald F. Karlsen
elfkin at gmail.com
Thu Jul 14 03:48:41 EDT 2016
On 14.07.2016 01:43, Cydon Satyr wrote:
> uRPF check doesn't work since customer can just advertise his routes over
> backup link.
> I had some hopes for conditional bgp advertisement and SCU/DCU but I don't
> think it works not to mention it's like trying to kill a bee with a hammer.
>
I'm talking about uRPF *strict* mode, not loose.
uRPF strict should work. The customer will advertise his routes over
both the primary and the backup link, but you will decide to use only
the primary (using local pref) and with no active route in the
forwarding table toward the customer's backup link, uRPF strict will deny
any traffic on that link.
If the primary link goes down, the routes in the forwarding table are
moved to the backup link and uRPF strict will start accepting traffic on
that link.
To me this seems like the simplest and most secure solution.
--
Harald
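
The behaviour described in the reply above, as an added example that is not part of the original post: a simplified Python model of a forwarding table with local-pref selection and a uRPF check, showing strict versus loose mode before and after the primary link fails. It is not Junos code; the prefix, interface names and local-pref values are constructed assumptions, and strict mode is modelled as checking only the active route, as the post describes.

```python
import ipaddress

# Constructed sample data: one customer prefix learned over two BGP sessions.
# Prefix, interface names and local-pref values are illustrative assumptions.
RIB = [
    {"prefix": "198.51.100.0/24", "ifname": "primary", "local_pref": 200},
    {"prefix": "198.51.100.0/24", "ifname": "backup", "local_pref": 50},
]

def build_fib(rib, links_up):
    """Install one active route per prefix: highest local-pref among live links."""
    fib = {}
    for route in rib:
        if route["ifname"] not in links_up:
            continue  # session down, so the route is withdrawn
        net = ipaddress.ip_network(route["prefix"])
        best = fib.get(net)
        if best is None or route["local_pref"] > best["local_pref"]:
            fib[net] = route
    return fib

def lookup(fib, addr):
    """Longest-prefix match of addr against the FIB; None if there is no route."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in fib if ip in net]
    if not matches:
        return None
    return fib[max(matches, key=lambda n: n.prefixlen)]

def urpf_accept(fib, src, ingress, mode="strict"):
    """strict: the active route back to src must use the ingress interface.
    loose: any route back to src is enough."""
    route = lookup(fib, src)
    if route is None:
        return False
    return mode == "loose" or route["ifname"] == ingress

def demo():
    src = "198.51.100.10"  # constructed customer source address
    normal = build_fib(RIB, {"primary", "backup"})
    failed = build_fib(RIB, {"backup"})  # primary link down
    return {
        "normal, in via primary, strict": urpf_accept(normal, src, "primary"),
        "normal, in via backup, strict": urpf_accept(normal, src, "backup"),
        "normal, in via backup, loose": urpf_accept(normal, src, "backup", "loose"),
        "primary down, in via backup, strict": urpf_accept(failed, src, "backup"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'drop'}")
```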