Partial vs Full tables

Michael Hare michael.hare at
Fri Jun 5 16:30:59 UTC 2020


> In internal network, instead of having a default route in iBGP or IGP,
> you should have the same loopback address in every full DFZ router and
> advertise that loopback in IGP. Then non fullDFZ routers should static
> route default to that loopback, always reaching IGP closest full DFZ
> router.

Just because a DFZ role device can advertise the loopback unconditionally in the IGP doesn't mean the DFZ actually has a valid eBGP or iBGP session to another DFZ.  It may be contrived, but could this not be a possible way to blackhole nearby PEs?

We currently take a full RIB and I am currently doing full FIB.  I'm currently choosing to create a default aggregate for downstream default-only connectors based on something like

     from {
        protocol bgp;
        as-path-group transit-providers;
        route-filter prefix-length-range /8-/10;
        route-type external;
     }

Of course there is something functionally equivalent for v6.  I have time series data on the count of routes contributing to the aggregate which helps a bit with ease of mind of default being pulled when it shouldn't be.  Like all tricks of this type I recognize this is susceptible to default being synthesized when it shouldn't be.

I'm considering an approach similar to Tore's blog where at some point I keep the full RIB but selectively populate the FIB.  Tore, care to comment on why you decided to filter the RIB as well?
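
The following is an added example, not part of the original post or the author's tooling: a Python model of the contributor match sketched in the message, with a low-water alarm on the contributor count of the kind a time series would feed. Assumptions: the as-path-group is modeled as "first-hop AS is in a set of documentation ASNs", the aggregate stays active while at least one contributor exists, the floor of 3 is arbitrary, and all routes are constructed sample data.

```python
"""Model of the contributor match for a conditionally generated default route."""
import ipaddress
from dataclasses import dataclass

# Assumption: documentation ASNs standing in for the transit-providers group.
TRANSIT_ASNS = {64496, 64497}

@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str     # "bgp", "ospf", ...
    external: bool    # True when learned over eBGP
    as_path: tuple    # leftmost element is the neighbor AS

def contributes(route):
    """Mirror the four match conditions of the `from` clause (IPv4 only)."""
    net = ipaddress.ip_network(route.prefix)
    return (route.protocol == "bgp"
            and route.external
            and bool(route.as_path) and route.as_path[0] in TRANSIT_ASNS
            and net.version == 4 and 8 <= net.prefixlen <= 10)

def default_state(rib, floor=3):
    """Summarize contributors; `floor` is a hypothetical alerting threshold."""
    contributors = [r for r in rib if contributes(r)]
    return {
        "contributors": len(contributors),
        "transits": sorted({r.as_path[0] for r in contributors}),
        # Assumption: the aggregate exists while any contributor exists.
        "default_active": len(contributors) > 0,
        # Default can still be synthesized from very few routes; flag that.
        "alarm": len(contributors) < floor,
    }

# Constructed sample RIBs (prefixes and paths are illustrative only).
HEALTHY = [
    Route("11.0.0.0/8", "bgp", True, (64496, 64500)),
    Route("21.0.0.0/8", "bgp", True, (64497, 64501)),
    Route("30.0.0.0/9", "bgp", True, (64496, 64502)),
    Route("22.0.0.0/8", "bgp", False, (64496, 64503)),      # iBGP: no match
    Route("198.51.100.0/24", "bgp", True, (64496, 64504)),  # too specific
    Route("0.0.0.0/0", "ospf", False, ()),                  # not BGP
]
DEGRADED = HEALTHY[:1]   # one surviving contributor keeps default alive

if __name__ == "__main__":
    for name, rib in (("healthy", HEALTHY), ("degraded", DEGRADED), ("empty", [])):
        print(name, default_state(rib))
```

The degraded case shows the failure mode the message acknowledges: default remains active on a single contributing route, which only the count-based alarm reveals.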

