North American Network Operators Group

Re: redistribute bgp considered harmful
I tend to favour allowing features rather than restricting them; if paranoia is needed then perhaps a confirm prompt?

Don't forget tho BGP is used for things other than Internet routing eg VPN, VRF and in those cases I can imagine such redistributions being beneficial.

Steve

On Mon, 7 Oct 2002, David Luyer wrote:

>
> Iljitsch van Beijnum <[email protected]> wrote:
>
> > But not allowing BGP -> IGP -> BGP might be a good one. On the other hand,
> > someone who is determined to screw up could do BGP -> IGP on one router
> > and IGP -> BGP on another.
>
> I've seen that done. And usefully. The case involved an AGS+ (BGP
> speaking) and IGS (with too little memory to run anything later than
> IOS 8.3, but after the PALs required to do memory upgrades on IGSs
> had been discontinued by Cisco) and a peering across a serial link,
> but could just as easily happen with today's routers -- eg, two
> small ISPs peering over a Cisco 827.
>
> Any feature can be useful, but you just have to be very careful and
> very aware of what you're doing and why it is evil. If you can
> carefully select the routes via, say, nexthop, filter them correctly
> and know what ASN to insert them into, then you can use an IGP to
> transport routes between two ASNs (or more, if you match various
> nexthops and use them to insert into different ASNs).
>
> Imagine ISP A and ISP B are BGP-speakers with only a small amount of
> peering traffic, and an asymmetric flow (say ISP B is a small, modem
> customer only ISP, and ISP A have a bit of content and a slightly
> larger customer base).
>
> Now say ISP A and ISP B peer for some reason, and ISP A uses BGP as
> their only interstate routing protocol, so they need the routes to
> appear in their BGP table.
>
> ISP B could be using a Cisco 827 (RIPv2 only) to connect to ISP A's
> ADSL product via L2TP.
>
> ISP A could be putting ISP B into a VRF and then forwarding them
> off to a small router (eg, an old 1000-series, with an IOS before
> BGP was removed from them[1]), which they peer via BGP back to their
> regular network (having configured it in ISP B's ASN), and insert
> the routes (after filtering) from RIPv2 into BGP.
>
> And before you say no ISP would be crazy enough to peer with a
> 1003 and 827 in the peering path, I refer you to
> http://peer.sensation.net.au/ (a NAP using 33k and 56k modems,
> or 'NAPette' as the organizer calls it).
>
> Of course, this is probably a good argument -not- to support IGP
> into BGP distribution, because someone might use it for something
> like the above! :-)
>
> David.
>
> [1] example router thrown in because it lines up so well with
> the dodginess of the example usage :-) besides, 1003s look
> cool [substitute any other 1000-series.
>