I've actually seen this behavior (more specifics being leaked and then promptly withdrawn), though the trigger wasn't quite so obvious. It turned out what was happening is that a bunch of gunk was being redistributed into BGP and tagged with "keep internal" communities to avoid advertisement to EBGP peers. Implicit policy was being applied at the domain egress such that if the "keep internal" community values weren't present the routes were by default advertised externally. In addition, BGP policies (i.e., prefix filters) that identified "keep internal" address space (and pretty much everything else, for that matter) were being rewritten every night on every BGP router in the network (regardless of change). The routers in question run a BGP redistribution process every 60 seconds and it just happened to run (quite often) just as filters were being rewritten, resulting in "the gunk" not being tagged as "keep internal" and therefore being advertised externally. A subsequent run of the BGP process realized a policy was in place withdrew the routes. The symptoms were somewhat random as the leaked routes varied from day to day, depending on which routers throughout the domain happened to have a BGP redistribution process collide with a policy rewrite -- but all in all, in a large network it seemed to occur on at least a couple of routers every night. My conclusions: o Redistributing into BGP can get ugly and should be avoided o Blindly rewriting policies (or any configuration elements) that haven't changed is bad o Implicit route advertisement policies are bad -danny
participants (1)
-
Danny McPherson