Prior to MPLS we null routed *all* our "supernets" (public aggregated announcements) on *all* core routers, such that unknown traffic only made it as far as the nearest core (of which there are at least two in each PoP). Of course, if your ASN becomes partitioned then you have to be prepared to deal with this; our solution being never to allow the AS to be partitioned, by building a highly resilient topology :)
More specific customer networks in BGP were tagged by route-map and had our "internal" communities applied plus "no-export" to ensure that they couldn't be leaked by accident (say if border community filtering failed somehow).

When you add MPLS into the mix (for internet routing, not just VPN) your border router becomes an LER and as such you can't take advantage of the core routers and have them MPLS-only LSRs at the same time. One solution may be to inject your supernets from your sources (i.e. reflectors), perhaps with a bogus next hop (i.e. with enough validity to be announced but not forwarding if it ever became a valid route for traffic to follow at the edge).

Hope this helps.

Dave./

Drew Weaver wrote:
> Howdy,
>
> I am trying to figure out if there is a different/newer/better(?) way to
> announce our public IP ranges to our Internet providers. Currently we are
> declaring our subnets in 'network statements' in the BGP configuration, we
> have static routes set up like ip route x.x.x.x 255.255.224.0 Null0 254 and
> then we have an extended access-list applied to each peer with our net blocks
> listed in them.
>
> It appears that because of the network statements, the supernet routes (/18s,
> /19s, etc.) are being distributed via BGP to the rest of the network, which is
> by design (I assume). This doesn't seem ideal because if traffic is sent to an
> IP address that doesn't have a more specific route than say /18, or /19 it
> travels all the way through the network to the edge before stopping. I might
> be blowing the impact of this out of proportion, but it just seems like a
> waste of resources.
>
> Does anyone know of a seemingly more sensible way of doing this?
>
> -Drew
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
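The arrangement described in the reply (a Null0 discard route for the aggregate on every core, the aggregate injected by a network statement, and the more-specific customer blocks tagged with an internal community plus no-export so a failed border filter cannot leak them), as an added IOS configuration sketch that is not from either poster. The prefixes, AS numbers, community value and neighbour addresses are constructed placeholders.

```text
! Constructed example, not the posters' configuration. Documentation prefixes
! and private AS numbers stand in for the real supernet and customer blocks.
!
! Discard route for the aggregate. Distance 254 means any learned more-specific
! wins; packets with no longer match are dropped here instead of crossing the
! network to the edge. Configure the same route on every core router so the
! drop happens at the nearest core, as the reply describes.
ip route 198.51.100.0 255.255.255.0 Null0 254
!
! Only the more-specific customer blocks inside the aggregate (/25 to /29 here)
! get the internal tag; the /24 aggregate itself is excluded.
ip prefix-list CUSTOMER-SPECIFICS seq 10 permit 198.51.100.0/24 ge 25 le 29
!
! The aggregate is the only prefix allowed out to an eBGP peer.
ip prefix-list SUPERNETS-OUT seq 10 permit 198.51.100.0/24
!
! Tag customer more-specifics with the internal community and no-export, so
! they stay inside the AS even if the per-peer outbound filter is lost.
route-map TAG-CUSTOMER permit 10
 match ip address prefix-list CUSTOMER-SPECIFICS
 set community 64496:100 no-export additive
!
router bgp 64496
 ! Aggregate injected from the Null0 static, as in the original setup.
 network 198.51.100.0 mask 255.255.255.0
 ! Customer statics enter BGP only through the tagging route-map; the
 ! route-map's implicit deny keeps other statics (including the Null0
 ! aggregate) out of redistribution.
 redistribute static route-map TAG-CUSTOMER
 ! iBGP neighbours must receive communities for no-export to be honoured.
 neighbor 192.0.2.2 remote-as 64496
 neighbor 192.0.2.2 send-community
 ! eBGP peer: outbound prefix filter kept as a second line of defence
 ! alongside no-export.
 neighbor 203.0.113.1 remote-as 64511
 neighbor 203.0.113.1 prefix-list SUPERNETS-OUT out
```

To check the result, `show ip bgp community no-export` should list only the customer more-specifics, and `show ip route 198.51.100.0 255.255.255.0` on each core should show the Null0 discard route.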