Partial vs Full tables
michael.hare at wisc.edu
Fri Jun 5 16:30:59 UTC 2020
> In internal network, instead of having a default route in iBGP or IGP,
> you should have the same loopback address in every full DFZ router and
> advertise that loopback in IGP. Then non fullDFZ routers should static
> route default to that loopback, always reaching IGP closest full DFZ
Just because a DFZ role device can advertise the loopback unconditionally in IGP doesn't mean the DFZ actually has a valid eBGP or iBGP session to another DFZ. It may be contrived, but could this not be a possible way to blackhole nearby PEs..?
We currently take a full RIB and I am currently doing full FIB. I'm currently choosing to create a default aggregate for downstream default-only connectors based on something like
route-filter 0.0.0.0/0 prefix-length-range /8-/10;
Of course there is something functionally equivalent for v6. I have time series data on the count of routes contributing to the aggregate which helps a bit with ease of mind of default being pulled when it shouldn't be. Like all tricks of this type I recognize this is susceptible to default being synthesized when it shouldn't be.
I'm considering an approach similar to Tore's blog where at some point I keep the full RIB but selectively populate the FIB. Tore, care to comment on why you decided to filter the RIB as well?
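An added example, not part of the original post or the poster's tooling: a sketch of the contributor-count check described above, applying the same match as `route-filter 0.0.0.0/0 prefix-length-range /8-/10` to a RIB snapshot and classifying the synthesized default. The function names, the baseline of 20 contributors, the 50% threshold and the sample RIBs are all assumptions constructed for illustration.

```python
import ipaddress

# Mirrors the post's: route-filter 0.0.0.0/0 prefix-length-range /8-/10;
FILTER_NET = ipaddress.ip_network("0.0.0.0/0")
MIN_LEN, MAX_LEN = 8, 10


def is_contributor(prefix):
    """True if prefix lies inside FILTER_NET with a length of /8 through /10."""
    net = ipaddress.ip_network(prefix)
    return (net.version == FILTER_NET.version
            and net.subnet_of(FILTER_NET)
            and MIN_LEN <= net.prefixlen <= MAX_LEN)


def count_contributors(rib):
    """Number of routes in the snapshot that keep the aggregate default alive."""
    return sum(1 for prefix in rib if is_contributor(prefix))


def default_state(rib, baseline, min_ratio=0.5):
    """Classify the aggregate default for one RIB snapshot.

    withdrawn: no contributors, so the aggregate goes inactive.
    suspect:   still synthesized, but far fewer contributors than usual,
               the case where default may exist when it shouldn't.
    healthy:   contributor count is near the baseline.
    baseline and min_ratio are hypothetical tuning values.
    """
    n = count_contributors(rib)
    if n == 0:
        return "withdrawn"
    if n < baseline * min_ratio:
        return "suspect"
    return "healthy"


# Constructed sample snapshots (not real routing data).
HEALTHY = [f"{i}.0.0.0/8" for i in range(1, 21)] + ["192.0.2.0/24", "2001:db8::/32"]
DEGRADED = ["12.0.0.0/8", "100.64.0.0/10", "192.0.2.0/24"]
EMPTY = ["192.0.2.0/24", "198.51.100.0/24"]

if __name__ == "__main__":
    for name, rib in (("healthy", HEALTHY), ("degraded", DEGRADED), ("empty", EMPTY)):
        print(name, count_contributors(rib), default_state(rib, baseline=20))
```

The "suspect" state is the one worth alerting on from time series data: the aggregate is still advertised downstream even though most of the routes that normally justify it are gone.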