RE: Default routes on BGP routers with full feeds
I have 5 providers and we get the default from all of them and full routing tables. I have seen cases where if there is no default route, the traffic didn't know where to go, even with full routes from all my providers.
-Mike
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Berry Mobley
Sent: Tuesday, November 04, 2014 12:47 PM
To: nanog@nanog.org
Subject: Default routes on BGP routers with full feeds
I'm wondering how many of you who are multihomed also add default routes pointing to your providers from whom you are receiving full feeds. If so, why? If not, why not?
Thanks,
Berry
On Nov 4, 2014, at 1:25 PM, Mike Walter <mwalter@3z.net> wrote:
I have 5 providers and we get the default from all of them and full routing tables.
I have seen cases where if there is no default route, the traffic didn't know where to go, even with full routes from all my providers.
We put some efforts into our default origination service a few years back to prevent default from being announced if the pop became isolated for some catastrophic reason. I recall once when someone upgraded the route processor of two different routers in a pop at the same time resulting in isolation until the configs were placed on the new RE for other devices in the site. Things happen and preparing for them is the first step to survive.
- Jared
It seems in such a case, the traffic still doesn’t know where to go, but you don’t realize it because you have a default. Then you pass the traffic to one of the providers who doesn’t have a route for it and they drop it instead of you. If you see something different, then, by definition, said provider is not feeding you a full set of their tables, or, they, too, are depending on a default and are not receiving a full set of tables.
Owen
We don't accept a default from anyone, but will send one to a customer when specifically requested. We heavily filter all incoming routes (bogon, 1918, and many others). We don't want data resorting to 0/0 and ::/0 when we specifically rejected the matching route at the import policy. Additionally, if your upstream isn't announcing a route to you, where are they going to send your traffic anyway?
Regards,
Chris Rogers
+1.302.357.3696 x2110
http://inerail.net/
There is one setup where you would need default route from your provider. If you have no IBGP between two sites and your prefix is a large /16 on one side and maybe a /18 from that /16 on another site. These sites would not be able to talk to each other if you originate from the same AS. Other than that I see no harm in having both default and a full table since longest prefix match will always win even if you have 2 or more transits.
// Andreas
Best regards,
Andreas Larsen
IP-Only Telecommunication AB | Postal address: 753 81 UPPSALA | Visiting address: S:t Persgatan 6, Uppsala | Phone: +46 (0)18 843 10 00 | Direct: +46 (0)18 843 10 56
www.ip-only.se
On Nov 5, 2014, at 7:49 AM, Andreas Larsen <andreas.larsen@ip-only.se> wrote:
There is one setup where you would need default route from your provider. If you have no IBGP between two sites and your prefix is a large /16 on one side and maybe a /18 from that /16 on another site. These sites would not be able to talk to each other if you originate from the same AS. Other than that I see no harm in having both default and a full table since longest prefix match will always win even if you have 2 or more transits.
I think in that case you would use “allowas-in”.
Regards,
Marc
We receive full routes and a default so we can perform traffic engineering within our network. We have links to multiple carriers, via multiple routers. We inject a default route into OSPF from distinct segments of our network, based on receiving the default route on that segment via eBGP. If the default route goes down, the default injected from another segment assumes priority and traffic routes out through that segment's carrier. It's easier to manage this kind of failover (for us) using default routes, so we don't have to carry full routes on all our core routers. We also prefer using a default route over engineering things based on some other arbitrary route learned from eBGP.
Thanks,
Adam
On Nov 4, 2014, at 10:49 PM, Andreas Larsen <andreas.larsen@ip-only.se> wrote:
There is one setup where you would need default route from your provider.
That may be true, but this isn’t it…
If you have no IBGP between two sites and your prefix is a large /16 on one side and maybe a /18 from that /16 on another site. These sites would not be able to talk to each other if you originate from the same AS.
1. Don’t do this. No, really, this is like the old joke about “Doctor, Doctor, it hurts when I do this!”. Just get a second AS. Supposed definition of an AS: “A collection of prefixes with a common routing policy”. If you have a /18 advertised from group A and a /17 and a /18 advertised from group B (even if you’re pretending it’s a /16 and including the covered separate /18), then you have 3 (or pretending 2) prefixes which have different routing policies.
2. If you are going to do this, then you’re better off building a tunnel between the sites and setting up iBGP across the tunnel.
3. Another option is to coerce your BGP into accepting routes with your own AS in the AS PATH. This circumvents BGP loop detection, but if your two sites are stub sites (and I can’t imagine a scenario where you would do this with transit sites), then that is a pretty low risk. Further, you can filter out the potential loop routes pretty easily since you know which ones are local to each site, making that particular loop detection irrelevant.
Other than that I see no harm in having both default and a full table since longest prefix match will always win even if you have 2 or more transits.
The harm is that instead of dropping traffic that can’t go anywhere, you’re passing it to someone else to drop for you. I suppose as long as you’re paying for the bandwidth used, it’s not a big deal, but it also breaks your ability to implement things like BCP38.
Owen
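Added example, not code from any poster in this thread: a small longest-prefix-match model of the point Chris Rogers and Owen DeLong make, that an accepted default catches traffic for prefixes the import policy rejected and for destinations nobody announced. The feed, the provider names and the filter list are constructed for illustration, and only IPv4 is modelled.

```python
import ipaddress

# Constructed import policy: RFC 1918 blocks rejected on every eBGP session.
REJECTED = [ipaddress.ip_network(p)
            for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed eBGP announcements as (prefix, next hop); names are hypothetical.
FEED = [
    ("0.0.0.0/0", "provider-A"),          # default route
    ("198.51.100.0/24", "provider-A"),
    ("198.51.100.128/25", "provider-B"),  # more specific of the /24 above
    ("203.0.113.0/24", "provider-B"),
    ("10.20.0.0/16", "provider-B"),       # leaked private prefix
]

def import_filter(feed, accept_default):
    """Apply the import policy and return the table as {network: next_hop}."""
    table = {}
    for prefix, next_hop in feed:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0:
            if accept_default:
                table[net] = next_hop
            continue
        # Reject a filtered block and anything more specific inside it.
        if any(net.subnet_of(block) for block in REJECTED):
            continue
        table[net] = next_hop
    return table

def lookup(table, dst):
    """Longest-prefix match; None means no route, so the packet is dropped here."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]

def compare(dst):
    """Next hop for dst as (with default accepted, without default)."""
    return (lookup(import_filter(FEED, True), dst),
            lookup(import_filter(FEED, False), dst))

if __name__ == "__main__":
    for dst in ("198.51.100.200", "198.51.100.5", "10.20.1.1", "192.0.2.1"):
        print(dst, compare(dst))
```

Destinations covered by an announced prefix resolve the same way in both tables; only the filtered and unannounced destinations differ, leaving toward a provider when the default is accepted and being dropped locally when it is not.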
participants (7)
- Adam Greene
- Andreas Larsen
- Chris Rogers
- Jared Mauch
- Marc Storck
- Mike Walter
- Owen DeLong