North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: oh k can you see
Randy Bush wrote:
so a few of us are still looking at routing through the anycast sunglasses. a particular probe is seeing instability  for k.root-servers.net . so we hop on to a router nearby, and
o this obscures their path to k1 o and, as they obey k0's NO_EXPORT, they can not export any route to a k.root-servers.net server to t0
Isnt this the standard problem? Why does anycast have any special bearing on the problem? (perhaps it doesnt you just want someone to fix it)
My amateurs understanding of this is that:
Sites connected to providers who have chosen a path marked as NO_EXPORT as best over one not so marked will not get any route to that prefix from that provider. They better hope that they are connected to another provider who did not select as best path a NO_EXPORT marked prefix.
A number of conclusions can possibly be made:
NO_EXPORT is not safe to be used while trying to traffic engineer but maintain global connectivity.
NO_EXPORT is only safe for more specific prefixes, as long as there is a less specific prefix that is still usuable.
NO_EXPORT to a large provider with potential large numbers of single homed BGP customers who may not be taking a 0/0 (in an attempt to use SAV?) is probably not a good idea
NO_EXPORT to large providers raises the probablity of there being sites who multihome to only those, therefore NO_EXPORT to multiple large providers is almost certainly dangerous.
traffic engineering done by the core based upon instructions from the edge is dangerous.