re: AGIS Route Flaps Interrupting its Peering?
At 06:41 AM 7/5/96 +0100, Sean Doran wrote:
| Since ANS seems to be passing our interface address as the
| next-hop directly to some nets (e.g., Digex and Advantis), the failure
| as I described above did lead to a loss of connectivity between AGIS
| and at least Digex and Advantis. Pending the solution of the MFS
| problem, it would have been possible to work around the issue if the
| affected nets had routed _through_ their transit provider.
Let me reiterate the point that propagating third-party next-hops in the absence of guaranteed fate-sharing is EVIL, or at least very very risky.
I agree.
My opinion is probably at one pole of the spectrum of ideas about NAPs and MAEs, however it's essentially this: do not propagate other people's next-hops at all to your NAP/MAE peers, either using next-hop-self (or the equivalent) or announcing only those prefixes for which you have yourself as a next-hop. Moreover, one should be very cagey about accepting third-party next-hops from one's peers, and either refuse routes with such next-hops, or (with permission only), rewrite the next-hops in question, unless there is a very good reason to do otherwise.
AGIS always configures with next-hop-self, so that the only way we can propagate a nonworking next-hop is if our own router is down. I'm considering seriously Sean's recommendation about vetting next hops from others. [...chop...]
an issue. However, this should not be the default behaviour at any exchange-point, because the AGIS/DIGEX disconnectivity is a well-known and formerly oft-seen problem.
If "well-known" means "the net is all a-twitter about it", then I agree. If "well-known" means "seen over a long period of time" then I disagree. In any case, as Sean now characterizes the problem as "formerly", he obviously considers it fixed. Further, as AGIS sees AS2548 directly at MAE-East, as well as behind AS690 and AS1239_1800 (!), we'd have to be broken two or three ways at each of 5 exchange points to completely lose connectivity to Digex. [...whack...]
On another front, *weird* MAE and NAP setups have caused so much trouble that I sometimes wonder when the next time I get to say "I told you so" about multi-fabric-bridging-from-hell will be, and how bad it will hurt.
I'm afraid it will be all too soon. LAN-based exchange points presuppose that every router at the exchange point will want to talk to every other router at the exchange point. That deprives the router operator of some meaningful control.
Peter
_____________________________________________________________________
Peter Kline Senior Network Engineer| 313-730-5151
AGIS - Internet Backbone Services | _Lucem Diffundo_
Post-Traumatic Success Disorder+ |
/////////////////////////////////////////////////////////////////////
You can pretend to care, but you can't pretend to be there.
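Added example, not part of the original message or of any participant's configuration: a Python sketch of the next-hop vetting discussed in the thread, which refuses a route whose next-hop is not the announcing peer unless that peer has permitted a rewrite, and lists which prefixes depend on each third-party next-hop. The Route type, the function names, the addresses (documentation ranges) and the permission set are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Route:
    prefix: str    # announced prefix
    next_hop: str  # NEXT_HOP attribute as received
    peer: str      # address of the BGP session the route arrived on


def is_third_party(route):
    """True when the next-hop is a router other than the announcing peer."""
    return ip_address(route.next_hop) != ip_address(route.peer)


def vet(route, rewrite_permitted=frozenset()):
    """Return (action, next_hop_to_install) for one received route."""
    if not is_third_party(route):
        return ("accept", route.next_hop)
    if route.peer in rewrite_permitted:
        # Peer has agreed: forward via the peer itself, so the session and
        # the forwarding path fail together.
        return ("rewrite", route.peer)
    return ("refuse", None)


def exposure(routes):
    """Map each third-party next-hop to the prefixes that depend on it."""
    deps = defaultdict(list)
    for r in routes:
        if is_third_party(r):
            deps[r.next_hop].append(r.prefix)
    return dict(deps)


# Constructed sample: documentation addresses, not real exchange-point data.
SAMPLE = [
    Route("198.51.100.0/24", "192.0.2.10", "192.0.2.10"),
    Route("203.0.113.0/24", "192.0.2.30", "192.0.2.10"),
    Route("203.0.113.128/25", "192.0.2.30", "192.0.2.20"),
]
PERMITTED = frozenset({"192.0.2.20"})  # hypothetical peer that allows rewrites

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.prefix, "via", r.next_hop, "from", r.peer, "->", vet(r, PERMITTED))
    print(exposure(SAMPLE))
```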