[j-nsp] Many contributing routes

Pavel Lunin plunin at gmail.com
Sat Aug 12 03:55:04 EDT 2017


BTW, I personally think that even aggregate routes bring more headache than
benefits, let alone generate.

Classic case is using aggregate to generate your own public prefixes and at
the same time having a loopback address out of this range. Or a static
route. Or a connected subnet. Theoretically you can sort this out with
policies, but it's very error-prone.

These routes tend to be relatively stable, so NOCs never deal with the
underlying dynamism and often forget to update policies when adding static
routes/whatever.

Generate is even clumsier, all this "WTF is my next-hop?" tie-breaking
stuff is the best way to an unmanageable mess.

In my opinion, static floating (preference 999) discard is your friend
for this kind of aggregation.

In addition, in the case of Internet, it's always a good idea to have a
static floating discard, otherwise you have an implicit static floating
REJECT as prescribed by RFC1812 (see your show route forwarding-table) and
all the corresponding risks to DoS your uKernel MPC CPU.

Regards,
Pavel
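
The configuration the post recommends, as an added example that is not part of the original message. The prefix 203.0.113.0/24 is a documentation placeholder, and reading the "Internet" case as a default route is an assumption; only preference 999 and discard come from the post.

```junos
# Before (commented out): an aggregate route for the public prefix.
# Any active more-specific route inside it (loopback, static, connected
# subnet) can become a contributor unless a policy is kept up to date.
#
# routing-options {
#     aggregate {
#         route 203.0.113.0/24;
#     }
# }

# After: floating static discard routes. They have no contributing routes,
# so there is no contributor policy to maintain. Preference 999 means any
# route learned with a better (lower) preference for the same prefix wins.
routing-options {
    static {
        /* Placeholder public prefix to originate (constructed value) */
        route 203.0.113.0/24 {
            discard;
            preference 999;
        }
        /* Assumed reading of the Internet case: a floating default so
           unmatched traffic is silently discarded instead of hitting
           the implicit reject entry */
        route 0.0.0.0/0 {
            discard;
            preference 999;
        }
    }
}
```

After commit, `show route forwarding-table` (the command the post points to) shows whether the default entry is a discard or a reject.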

