I know I'm replying to an email from the beginning of the thread, but...

>> I am trying to figure out if there is a
>> different/newer/better(?) way to announce our public IP
>> ranges to our Internet providers, currently we are declaring
>> our subnets in 'network statements' in the BGP
>> configuration, we have static routes setup like ip route
>> x.x.x.x 255.255.224.0 Null0 254 and then we have an extended
>> access-list applied to each peer with our net blocks listed
>> in them.
>>
>> It appears that because of the network statements, the
>> supernet routes (/18s, /19s, etc) are being distributed via
>> BGP to the rest of the network which is by design (I assume).
>> This doesn't seem ideal because if traffic is sent to an IP
>> address that doesn't have a more specific route than say
>> /18, or /19 it travels all the way through the network to
>> the edge before stopping. I might be blowing the impact of
>> this out of proportion, but it just seems like a waste of
>> resources.
>>
>> Does anyone know of a seemingly more sensible way of doing
>> this?

> You could always tag these hold-down routes with a
> community, then when someone sends a packet to them, the
> next-hop could be rewritten to a local discard/null0
> instance.
>
> This should allow you to distribute the load instead of
> backhauling the traffic to the final destination/aggregation
> location.
>
> - Jared

I can think of one possible trap here when implementing this on a
network where

o Some routers have only partial routing tables.

o Jared's suggestion to black-hole the hold-down routes is
  implemented on these routers (and not just on edge routers, as
  was suggested elsewhere in the thread).

o Subnets of an aggregate are allocated to dual-homed customers.

Unless you arrange that upstream-heard BGP announcements of these
subnets are propagated to your partial-routing-table routers, those
routers will be unable to reach the dual-homed customers when its
link is down to you, even if its link to another upstream is working.

The above may seem like a very unusual combination of circumstances,
but Cogent has been known to commit a very similar sin on the edge
portions of their net between their "A-peers" and "B-peers".

- Bob

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
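The trap Bob describes can be reproduced with a longest-prefix-match lookup on a partial-table router. This is an added example, not part of the original thread; the prefixes, next-hop names and function names are constructed for illustration.

```python
import ipaddress

DISCARD = "discard (Null0)"

def lookup(rib, dst):
    """Longest-prefix match: next hop of the most specific covering route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, nh) for net, nh in rib.items() if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def partial_table_rib(customer_link_up, import_upstream_specifics):
    """RIB of a router carrying only internal routes plus a default.

    All prefixes and next-hop labels are constructed sample values.
    """
    n = ipaddress.ip_network
    rib = {
        n("0.0.0.0/0"): "upstream-transit",  # default toward the full-table edge
        n("198.18.0.0/19"): DISCARD,         # hold-down aggregate, next hop rewritten locally
    }
    customer = n("198.18.4.0/24")            # dual-homed customer's subnet of the aggregate
    if customer_link_up:
        # More-specific learned internally over the customer's link to us.
        rib[customer] = "customer-direct-link"
    elif import_upstream_specifics:
        # Customer's announcement via its other upstream, propagated to this router.
        rib[customer] = "upstream-transit"
    return rib

if __name__ == "__main__":
    host = "198.18.4.10"  # constructed address inside the customer's /24
    cases = [
        ("link up", True, False),
        ("link down, no upstream specifics", False, False),
        ("link down, upstream specifics imported", False, True),
    ]
    for label, up, imp in cases:
        print(f"{label:40s} -> {lookup(partial_table_rib(up, imp), host)}")
```

In the second case the default route never gets a chance: the local discard for the aggregate is more specific than 0.0.0.0/0, so the customer is black-holed even though its other upstream is reachable.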