
Jared,
1) If you put your backbone connected interfaces (loopbacks, serials, etc. in your IGP [isis, ospf, whatever])
2) Have a full iBGP mesh doing next-hop-self of the loopback interface
3) Redistribute statics and connected into your iBGP routing table (with route-map, or appropriate filters as necessary that vary by vendor)

No argument with the principles here but why do you need to redistribute connected interfaces into your IGP *and* into iBGP? Overkill, surely? IMHO all you need do is put appropriate connected interfaces and statics pointing out of your core into either the IGP *or* iBGP. Whether you do this via redistribution or not is probably network dependent.

In case anyone hadn't realized (I'm sure Jared did), (2) ensures you carry round the iBGP next hop of the loopback address of the exit router rather than (say) the next hop over the NAP concerned, which some idiot is bound to leak a more specific of just when you've forgotten to filter it. This also removes the need for carrying the DMZ in your IGP (or, I suppose, iBGP).

Are there really networks out there that chose to run iBGP not only as an IGP (we do this in one AS), but also don't run something to hold up the loopback interface mesh too? (i.e. use Chris' auto-discovery method). Presumably they peer between interface addresses or it's not going to work as nothing will ever discover an arbitrary /32 loopback. Euch!

--
Alex Bligh
GX Networks (formerly Xara Networks)
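
The next-hop point in (2) can be shown with a small model of recursive next-hop resolution. This is an added example, not part of the original message: it assumes a simplified router that resolves a BGP next hop by longest-prefix match only, and all addresses and route labels are constructed from documentation ranges.

```python
import ipaddress

# Constructed routing-table entries: (prefix, how the route was learned).
NAP_DMZ = ("192.0.2.0/24", "igp: NAP subnet via exit router")
LOOPBACK = ("198.51.100.1/32", "igp: exit router loopback")
LEAK = ("192.0.2.0/25", "bgp: leaked more specific of the NAP subnet")

def resolve(next_hop, table):
    """Resolve a BGP next hop by longest-prefix match (simplified model).

    Returns (prefix, learned_via) of the winning route, or None if the
    next hop is unreachable.
    """
    addr = ipaddress.ip_address(next_hop)
    matches = [(ipaddress.ip_network(p), via) for p, via in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, via = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), via

def scenario(next_hop, leaked):
    """Build the table with or without the leaked route and resolve."""
    table = [NAP_DMZ, LOOPBACK] + ([LEAK] if leaked else [])
    return resolve(next_hop, table)

if __name__ == "__main__":
    # Without next-hop-self the iBGP next hop is the peer's NAP address.
    nap_peer = "192.0.2.10"
    # With next-hop-self it is the exit router's /32 loopback.
    loopback = "198.51.100.1"
    for label, nh in (("NAP next hop", nap_peer),
                      ("loopback next hop", loopback)):
        for leaked in (False, True):
            print(f"{label:18} leaked={leaked!s:5} -> {scenario(nh, leaked)}")
```

A /32 loopback cannot be overridden by anything more specific, so its resolution is the same with or without the leak, while the NAP next hop follows the leaked /25.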