Saku-
In internal network, instead of having a default route in iBGP or IGP, you should have the same loopback address in every full DFZ router and advertise that loopback in IGP. Then non fullDFZ routers should static route default to that loopback, always reaching IGP closest full DFZ router.
Just because DFZ role device can advertise loopback unconditionally in IGP doesn't mean the DFZ actually has a valid eBGP or iBGP session to another DFZ. It may be contrived but could this not be a possible way to blackhole nearby PEs..? We currently take a full RIB and I am currently doing full FIB. I'm currently choosing to create a default aggregate for downstream default-only connectors based on something like from { protocol bgp; as-path-group transit-providers; route-filter 0.0.0.0/0 prefix-length-range /8-/10; route-type external; } Of course there is something functionally equivalent for v6. I have time series data on the count of routes contributing to the aggregate which helps a bit with ease of mind of default being pulled when it shouldn't be. Like all tricks of this type I recognize this is susceptible to default being synthesized when it shouldn't be. I'm considering an approach similar to Tore's blog where at some point I keep the full RIB but selectively populate the FIB. Tore, care to comment on why you decided to filter the RIB as well? -Michael