redistribute bgp considered harmful

Stephen J. Wilcox steve at telecomplete.co.uk
Mon Oct 7 12:06:36 UTC 2002


I tend to favour allowing features rather than restricting them; if paranoia is
needed then perhaps a confirm prompt?

Don't forget though, BGP is used for things other than Internet routing, e.g. VPN, VRF,
and in those cases I can imagine such redistributions being beneficial.

Steve

On Mon, 7 Oct 2002, David Luyer wrote:

> 
> Iljitsch van Beijnum <iljitsch at muada.com> wrote:
> 
> > But not allowing BGP -> IGP -> BGP might be a good one. On the other hand,
> > someone who is determined to screw up could do BGP -> IGP on one router
> > and IGP -> BGP on another.
> 
> I've seen that done.  And usefully.  The case involved an AGS+ (BGP
> speaking) and IGS (with too little memory to run anything later than
> IOS 8.3, but after the PALs required to do memory upgrades on IGSs
> had been discontinued by Cisco) and a peering across a serial link,
> but could just as easily happen with today's routers -- eg, two
> small ISPs peering over a Cisco 827.
> 
> Any feature can be useful, but you just have to be very careful and
> very aware of what you're doing and why it is evil.  If you can
> carefully select the routes via, say, nexthop, filter them correctly
> and know what ASN to insert them into, then you can use an IGP to
> transport routes between two ASNs (or more, if you match various
> nexthops and use them to insert into different ASNs).
> 
> Imagine ISP A and ISP B are BGP-speakers with only a small amount of
> peering traffic, and an asymmetric flow (say ISP B is a small, modem
> customer only ISP, and ISP A have a bit of content and a slightly
> larger customer base).
> 
> Now say ISP A and ISP B peer for some reason, and ISP A uses BGP as
> their only interstate routing protocol, so they need the routes to
> appear in their BGP table.
> 
> ISP B could be using a Cisco 827 (RIPv2 only) to connect to ISP A's
> ADSL product via L2TP.
> 
> ISP A could be putting ISP B into a VRF and then forwarding them
> off to a small router (eg, an old 1000-series, with an IOS before
> BGP was removed from them[1]), which they peer via BGP back to their
> regular network (having configured it in ISP B's ASN), and insert
> the routes (after filtering) from RIPv2 into BGP.
> 
> And before you say no ISP would be crazy enough to peer with a
> 1003 and 827 in the peering path, I refer you to
> http://peer.sensation.net.au/ (a NAP using 33k and 56k modems,
> or 'NAPette' as the organizer calls it).
> 
> Of course, this is probably a good argument -not- to support IGP
> into BGP distribution, because someone might use it for something
> like the above! :-)
> 
> David.
> 
> [1] example router thrown in because it lines up so well with
>     the dodginess of the example usage :-)  besides, 1003s look
>     cool [substitute any other 1000-series].
> 
> 



