The way I've dealt with this in the past (a trick I learned from Barry) is to ask for full routes (and no default), filter out ALL prefixes except for those of associated with a few far away root name servers, and then generate a default conditional on reachability of at least one name server. It gets a little ugly, because you need to ensure you only generate the default if the route to the name servers is through your upstream, which means that all BGP routers in your AS must not pass on those prefixes plus you have to keep track on an ongoing basis of changes in the prefixes containing the root name servers or their IP address.
Disclaimer: Have not tested this approach with IPv6 because I retired before I had any clients who cared :-] but I've used it with IPv4 since the days of 2501 routers. Vince On Thu, 2014-10-02 at 11:46 -0700, Paul Wozney wrote: > Okay so I've got two BGP routers here, accepting partial routes - one > carrier to each router. Each carrier advertises a default route. I use an > as-path filter to limit learned routes to those of the carrier +1 ASn: > > ip as-path access-list 11 permit ^NNNN_[0-9]*$ > > > One carrier has now had two outages in the last year where they've lost > their upstream. They continue to advertise a default route to us, so our > network experiences failures until we kill the link. > > It strikes me that if we had FULL routes (and no default route accepted) we > could react automatically to failures like this - we could share tables > between the routers and if one carrier lost half their routes we'd pick > them up from the other router. > > Is this just how life with partial routes is? Or is there something else I > can do? > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
