redistribute bgp considered harmful

David Luyer david at luyer.net
Mon Oct 7 10:25:10 UTC 2002


Iljitsch van Beijnum <iljitsch at muada.com> wrote:

> But not allowing BGP -> IGP -> BGP might be a good one. On the other hand,
> someone who is determined to screw up could do BGP -> IGP on one router
> and IGP -> BGP on another.

I've seen that done.  And usefully.  The case involved an AGS+ (BGP
speaking) and IGS (with too little memory to run anything later than
IOS 8.3, but after the PALs required to do memory upgrades on IGSs
had been discontinued by Cisco) and a peering across a serial link,
but could just as easily happen with today's routers -- e.g., two
small ISPs peering over a Cisco 827.

Any feature can be useful, but you just have to be very careful and
very aware of what you're doing and why it is evil.  If you can
carefully select the routes via, say, nexthop, filter them correctly
and know what ASN to insert them into, then you can use an IGP to
transport routes between two ASNs (or more, if you match various
nexthops and use them to insert into different ASNs).

Imagine ISP A and ISP B are BGP-speakers with only a small amount of
peering traffic, and an asymmetric flow (say ISP B is a small, modem
customer only ISP, and ISP A have a bit of content and a slightly
larger customer base).

Now say ISP A and ISP B peer for some reason, and ISP A uses BGP as
their only interstate routing protocol, so they need the routes to
appear in their BGP table.

ISP B could be using a Cisco 827 (RIPv2 only) to connect to ISP A's
ADSL product via L2TP.

ISP A could be putting ISP B into a VRF and then forwarding them
off to a small router (e.g., an old 1000-series, with an IOS before
BGP was removed from them[1]), which they peer via BGP back to their
regular network (having configured it in ISP B's ASN), and insert
the routes (after filtering) from RIPv2 into BGP.

And before you say no ISP would be crazy enough to peer with a
1003 and 827 in the peering path, I refer you to
http://peer.sensation.net.au/ (a NAP using 33k and 56k modems,
or 'NAPette' as the organizer calls it).

Of course, this is probably a good argument -not- to support IGP
into BGP distribution, because someone might use it for something
like the above! :-)

David.

[1] example router thrown in because it lines up so well with
    the dodginess of the example usage :-)  besides, 1003s look
    cool [substitute any other 1000-series].
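
The selection the message describes (match IGP routes on next hop, filter them, and pick the ASN they are inserted under) can be modelled as below. This is an added example, not part of the original post or any router's configuration; the next hops, prefixes and private ASNs are constructed, and the names `POLICY`, `classify` and `redistribute` are hypothetical.

```python
import ipaddress

# Constructed policy (assumption): IGP next hop -> (ASN to originate under,
# prefixes that neighbour is allowed to announce). Documentation ranges, private ASNs.
POLICY = {
    "192.0.2.1": (64512, ["198.51.100.0/24"]),
    "192.0.2.5": (64513, ["203.0.113.0/24"]),
}


def classify(prefix, next_hop):
    """Return (origin_asn, None) if the IGP route may enter BGP, else (None, reason)."""
    entry = POLICY.get(next_hop)
    if entry is None:
        return None, "next hop not in policy"
    asn, allowed = entry
    net = ipaddress.ip_network(prefix, strict=True)
    if net.prefixlen == 0:
        return None, "default route"
    if not any(net.subnet_of(ipaddress.ip_network(a)) for a in allowed):
        return None, "outside allowed prefixes"
    return asn, None


def redistribute(igp_routes):
    """Split IGP routes into accepted {asn: [prefix]} and rejected [(prefix, next_hop, reason)]."""
    accepted, rejected = {}, []
    for prefix, next_hop in igp_routes:
        asn, reason = classify(prefix, next_hop)
        if asn is None:
            rejected.append((prefix, next_hop, reason))
        else:
            accepted.setdefault(asn, []).append(prefix)
    return accepted, rejected


# Constructed RIPv2 table as seen on the redistributing router.
SAMPLE = [
    ("198.51.100.0/25", "192.0.2.1"),  # inside the first neighbour's block
    ("0.0.0.0/0", "192.0.2.1"),        # default route leaked into the IGP
    ("203.0.113.0/24", "192.0.2.1"),   # valid prefix, wrong neighbour
    ("203.0.113.0/24", "192.0.2.5"),   # same prefix from the right neighbour
    ("10.1.2.0/24", "192.0.2.9"),      # next hop nobody configured
]

if __name__ == "__main__":
    ok, bad = redistribute(SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```

Anything whose next hop is not listed, or whose prefix falls outside that neighbour's block, stays out of BGP, which is the "filter them correctly" step the scheme depends on.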



