Ah..so longest match still wins....understood. thanks again. david
On 25/01/2008, Pekka Savola <[EMAIL PROTECTED]> wrote: > On Fri, 25 Jan 2008, David Ball wrote: > > Pekka, I'm not sure I caught why your example of a BGP customer > > advertising an aggregate to us but the specifics to another upstream > > wouldn't work. If 'feasible-paths' is in use, doesn't that alleviate > > the problem? Even if the 'preferred' path is not their local port, we > > should still have the aggregate which should pass the uRPF check, no? > > No, feasible paths won't help in that case. > > If: > - your customer advertises a prefix P with mask n (P/n) > - you get the same prefix P/n from some other source (e.g., your peer > network or customer's another interface), and that route is preferred. > - your customer-facing router receives the preferred advertisement > > In this scenario: > - without feasible paths, your router would reject all traffic > (because your peer-learned route is active and your customer-learned > route is not) > - with feasible paths, your router would accept traffic from P/n from > the customer because even though the customer-learned path is > inactive, it's still considered "feasible" and uRPF accepts it. > > Now, if you get more specifics of P/n from your peer, that's a > different route compared to the aggregate. If you don't learn the > same more specific route from the customer, all customer's traffic > from that more specific prefix gets dropped. This is because your > router will think that the correct direction to the more specific is > to your peer network, not the direct connection to customer. > > You can think of this as "longest prefix matching wins every time, if > you have the same prefixes with the same length, you select one and > the rest are considered feasible". > > RFC 3704 section 2.3 tries to explain this but probably doesn't make > it much better than above. > > HTH, > > -- > Pekka Savola "You each name yourselves king, yet the > Netcore Oy kingdom bleeds." > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings > _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
