On 10/20/10 17:03, Richard A Steenbergen wrote:
> On Wed, Oct 20, 2010 at 04:23:23PM -0400, Chris Morrow wrote:
>>
>> 4) reset next-hop as you ship the route internally to IBGP neighbors
>> (see ... the Wayne Gustavus's (verizon) talk from NANOG32 in Reston:
>> <http://www.nanog.org/meetings/nanog32/presentations/soricelli.pdf>)
>>
>> there are, as RAS is pointing out, many ways to skin this cat.
>
> Well, that would work if you're adding a local static route to discard
> and then reannouncing it into IBGP... But if you're receiving the route
> from a customer EBGP session that wouldn't install the null route on the
> local box, potentially leaving you open to one customer flooding another
> customer on the same router.

yup, customers can still get 'local' traffic, and yes every device has
the same dsc0 or discard route setup for the next-hop address.

> I also had some people point out offline that you could build a single
> prefix-list policy, then allow null routes to be accepted, and THEN
> begin your regular customer border policies. This is also true, but I
> forgot to mention that I've also found value in having separate max
> prefix limits for null route vs regular routes, which you couldn't
> implement via a policy over a single session. This entire discussion

I actually like the 'use a new session' model, it does clarify things
for everyone... though there are potentially some scaling issues with
this dimension as well.

> needs a giant disclaimer that says "Warning: The number of BGP speaking
> customers out there who aren't really masters of route-map and who will
> accidentally try to null route their entire bgp session is higher than
> you might expect". Making them actually take the time to configure a

hahahaa, bell canada... yes, there are lots of people who don't grok bgp
from the customer side :( handing them a templated config (and templated
change set) is helpful.

-chris
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
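A model of the separate null-route session discussed in this thread, added here as an illustration and not taken from either poster's configuration: announcements are checked against the customer's prefix-list, and the session carries its own max-prefix limit. The prefixes, the limit of 3, the host-route-only rule and the function name are all assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread).
CUSTOMER_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                     ipaddress.ip_network("198.51.100.0/24")]
NULL_MAX_PREFIXES = 3   # separate, small limit for the null-route session
MIN_NULL_LEN = 32       # assumption: only host routes may be null routed


def evaluate_null_session(announcements, allowed=CUSTOMER_PREFIXES,
                          max_prefixes=NULL_MAX_PREFIXES,
                          min_len=MIN_NULL_LEN):
    """Return (accepted, rejected, session_up) for one null-route session."""
    accepted, rejected = [], []
    for text in announcements:
        net = ipaddress.ip_network(text)
        covered = any(net.version == p.version and net.subnet_of(p)
                      for p in allowed)
        if not covered:
            # Customer may only null route space it is allowed to announce.
            rejected.append((text, "not in customer prefix-list"))
        elif net.prefixlen < min_len:
            # Catches the customer who sends whole aggregates by mistake.
            rejected.append((text, "too short to null route"))
        else:
            accepted.append(text)
    # The null-route limit is independent of the regular session's limit;
    # exceeding it drops this session and withdraws its routes.
    if len(accepted) > max_prefixes:
        return [], rejected, False
    return accepted, rejected, True


if __name__ == "__main__":
    # Constructed announcements: one valid host route, one aggregate sent
    # by mistake, one host route outside the customer's space.
    sample = ["192.0.2.10/32", "198.51.100.0/24", "203.0.113.5/32"]
    ok, bad, up = evaluate_null_session(sample)
    print("accepted:", ok)
    for prefix, reason in bad:
        print("rejected:", prefix, "-", reason)
    print("session up:", up)
```
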

