What I meant to ask is ..... Why get the default route via BGP from your Upstream... Why not set is statically (ip sla track, or monitor gateway etc).
IF your bgp sessions goes down, then your prefixes are withdrawn anyway.. so I am not sure what that will cover you for.. In regards to OSPF redistributing default routes, I believe managing a statically done default route is easier and safer to inject and manage, vs one coming from your upstream. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: [email protected] > From: "Cassidy B. Larson" <[email protected]> > To: [email protected] > Sent: Monday, May 16, 2016 11:18:16 AM > Subject: Re: [AFMUG] Upstream BGP Questionairre > We do a cisco ip sla track to make sure BGP is up on the upstream facing > interface for the static default to be valid. >> On May 16, 2016, at 9:04 AM, Faisal Imtiaz < [email protected] > >> wrote: >> Interesting.... Carl, doing a manual static default route does not do the >> trick >> for you ? >> Regards. >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 >> Help-desk: (305)663-5518 Option 2 or Email: [email protected] >>> From: "Carl Peterson" < [email protected] > >>> To: [email protected] >>> Sent: Monday, May 16, 2016 10:42:35 AM >>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>> For #3, I generally ask for full route + a default. The default is for >>> default >>> information originate for OSPF. If there isn't a default in the routing >>> table, >>> my edge router won't advertise a default to non-bgb ospf peers. You don't >>> want >>> a static default in case the peer goes down. >>> On Mon, May 16, 2016 at 7:20 AM, Josh Baird < [email protected] > wrote: >>>> Many providers refer to this as 'RTBH' (remotely triggered blackhole >>>> filtering). >>>> Josh >>>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm < >>>> [email protected] > wrote: >>>>> that request, lacking my fundamental understanding of the terminology, >>>>> would be >>>>> phrased how? >>>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird < [email protected] > wrote: >>>>>> Yes, it requires your upstream to support a blackhole BGP community. >>>>>> This allows >>>>>> you to advertise host routes (/32 or smaller) to them using a specific >>>>>> BGP >>>>>> community when you want your ISP to drop all traffic for the prefix >>>>>> before it >>>>>> reaches you. This is -very- useful for DDoS defense. >>>>>> Josh >>>>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >>>>>> [email protected] > wrote: >>>>>>> That requires something specific? >>>>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" < [email protected] > >>>>>>> wrote: >>>>>>>> We have started requiring our upstreams to filter by ASN vs Netblock. >>>>>>>> We are >>>>>>>> moving away from upstreams that do not utilize IRR Entries and require >>>>>>>> intervention every time we want to make a change, but it is continuous >>>>>>>> for us, >>>>>>>> so for most guys the one time setup is not a big deal, plus the >>>>>>>> upstream has to >>>>>>>> be trusting enough that we will have the correct filtering on our end. >>>>>>>> Steve, I would add Blackhole BGP community or session to your list. >>>>>>>> Erich Kaiser >>>>>>>> The Fusion Network >>>>>>>> [email protected] >>>>>>>> Office: 630-621-4804 >>>>>>>> Cell: 630-777-9291 >>>>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart < [email protected] > >>>>>>>> wrote: >>>>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>>>>>> Canada, a >>>>>>>>> few in the US, and definitely a large number in Europe) will say “do >>>>>>>>> you have >>>>>>>>> an IRR entry at RADB?” and if you say yes then they will use the >>>>>>>>> route object >>>>>>>>> information but if you say no then they will tell you to open a >>>>>>>>> ticket with >>>>>>>>> their NOC each time you have a prefix to add/remove …. >>>>>>>>> I’m actually surprised by the number of transit providers that don’t’ >>>>>>>>> support >>>>>>>>> automation via IRR >>>>>>>>> Paul >>>>>>>>> From: Af [mailto: [email protected] ] On Behalf Of Faisal Imtiaz >>>>>>>>> Sent: May 13, 2016 9:25 PM >>>>>>>>> To: [email protected] >>>>>>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>>>>>>>> Let me clarify this a bit more... >>>>>>>>> You are recommending that one creates it's own AS Object in the >>>>>>>>> IRR..(aka learns >>>>>>>>> and manages their own RR entries) (it really does not matter which >>>>>>>>> IRR it is, >>>>>>>>> at the end of the day they are all sort of synced, it is only a >>>>>>>>> question of who >>>>>>>>> is maintaining it, and who can provide help to newbies). .. BTW, I >>>>>>>>> agree with >>>>>>>>> this.. however .... >>>>>>>>> Cause at the end of the day, someone in the up-stream is very likely >>>>>>>>> to create >>>>>>>>> the record for you, if it is needed by them... >>>>>>>>> This is one of those things that most carriers find... "too much >>>>>>>>> trouble to >>>>>>>>> teach vs just do it for that network !" >>>>>>>>> :) >>>>>>>>> Regards. >>>>>>>>> Faisal Imtiaz >>>>>>>>> Snappy Internet & Telecom >>>>>>>>> 7266 SW 48 Street >>>>>>>>> Miami, FL 33155 >>>>>>>>> Tel: 305 663 5518 x 232 >>>>>>>>> Help-desk: (305)663-5518 Option 2 or Email: [email protected] >>>>>>>>>> From: "George Skorup" < [email protected] > >>>>>>>>>> To: [email protected] >>>>>>>>>> Sent: Friday, May 13, 2016 7:15:26 PM >>>>>>>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>>>>>>>>> I recommend adding your route or AS objects in ARIN's IRR. Merit >>>>>>>>>> RADb is not >>>>>>>>>> free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. >>>>>>>>>> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: >>>>>>>>>>> See answers in-line below:- >>>>>>>>>>> Faisal Imtiaz >>>>>>>>>>> Snappy Internet & Telecom >>>>>>>>>>> 7266 SW 48 Street >>>>>>>>>>> Miami, FL 33155 >>>>>>>>>>> Tel: 305 663 5518 x 232 >>>>>>>>>>> Help-desk: (305)663-5518 Option 2 or Email: >>>>>>>>>>> [email protected] >>>>>>>>>>>> From: "That One Guy /sarcasm" <[email protected]> >>>>>>>>>>>> To: [email protected] >>>>>>>>>>>> Sent: Friday, May 13, 2016 11:35:10 AM >>>>>>>>>>>> Subject: [AFMUG] Upstream BGP Questionairre >>>>>>>>>>>> Im going to expose the breadth of my incompetence here, but there >>>>>>>>>>>> are some >>>>>>>>>>>> questions in this document I want to make sure im answering >>>>>>>>>>>> accurately >>>>>>>>>>>> 1. Are you the owner of the AS Number with RIR- This im assuming >>>>>>>>>>>> is our ARIN >>>>>>>>>>>> direct allocation? >>>>>>>>>>> They are asking if you have a AS # assigned to you from ... (would >>>>>>>>>>> be ARIN for >>>>>>>>>>> North America). >>>>>>>>>>>> 2. Are you registered with an Internet Routing Registry? - Im not >>>>>>>>>>>> sure what this >>>>>>>>>>>> is, is this also ARIN or do I need to register something elsewhere? >>>>>>>>>>> Routing Registry.... it is a way to build authorized prefixes from >>>>>>>>>>> a DataBase... >>>>>>>>>>> You can read up about it from here >>>>>>>>>>> https://www.arin.net/resources/routing/ >>>>>>>>>>> Justin Wilson did a blog about it too... >>>>>>>>>>> http://www.mtin.net/blog/?p=245 >>>>>>>>>>> and yes ARIN also provides a Routing Registry Service ... (along >>>>>>>>>>> with a few >>>>>>>>>>> others) >>>>>>>>>>>> 3. Which type of routes do you want to receive? - Full routes is >>>>>>>>>>>> what we want, >>>>>>>>>>>> but are there caveats in this answer I need to be prepared for? >>>>>>>>>>> No Caveats, as long as your equipment is able to take full routes, >>>>>>>>>>> then do so. >>>>>>>>>>>> 4. Do you have downstream ASNs? - I assume this would be customers >>>>>>>>>>>> with their >>>>>>>>>>>> own allocations? We currently do not, but do not want to close the >>>>>>>>>>>> door on that >>>>>>>>>>>> in the future. Is this something easily updated in the future? >>>>>>>>>>> Answer this question in the Present.. (you don't have any so say >>>>>>>>>>> no)... no >>>>>>>>>>> future door is closed due to this... this is just info asked / >>>>>>>>>>> collected for >>>>>>>>>>> the upstream to be able to build their ACL filters.... (This is >>>>>>>>>>> also a flag for >>>>>>>>>>> them to collect your BGP LOA's as well as your Customers to you..) >>>>>>>>>>> This becomes a mute topic, if you are versed in using the Routing >>>>>>>>>>> Registry and >>>>>>>>>>> maintaining your own Route Objects etc. >>>>>>>>>>>> 5. List all prefixes to be announced so that we can confirm the >>>>>>>>>>>> BGP ACL prior to >>>>>>>>>>>> activation: We only have a /22, but we do want the option down the >>>>>>>>>>>> road to pull >>>>>>>>>>>> /24 from one provider if need be. Would we list the /24s >>>>>>>>>>>> independently or the >>>>>>>>>>>> /22 as the aggregate? >>>>>>>>>>> You want to ask them for the following:- >>>>>>>>>>> xx.xx.xx.xx/22 please use the 'le 24' option with the filter. >>>>>>>>>>> Note: this will have them build a filter that can accept larger >>>>>>>>>>> prefixes between >>>>>>>>>>> 24 - 22, so it is not a 'specific' filter... >>>>>>>>>>>> 6. MD5 Password: On this is it standard practice to use the same >>>>>>>>>>>> password with >>>>>>>>>>>> all providers or different ones? >>>>>>>>>>> Your choice... either way.... no big deal, as long as you keep >>>>>>>>>>> track of them. >>>>>>>>>>>> -- >>>>>>>>>>>> If you only see yourself as part of the team but you don't see >>>>>>>>>>>> your team as part >>>>>>>>>>>> of yourself you have already failed as part of the team. >>>>> -- >>>>> If you only see yourself as part of the team but you don't see your team >>>>> as part >>>>> of yourself you have already failed as part of the team. >>> --
