Saku-

> In internal network, instead of having a default route in iBGP or IGP,
> you should have the same loopback address in every full DFZ router and
> advertise that loopback in IGP. Then non fullDFZ routers should static
> route default to that loopback, always reaching IGP closest full DFZ
> router.
Just because a DFZ role device can advertise loopback unconditionally in IGP doesn't mean the DFZ actually has a valid eBGP or iBGP session to another DFZ. It may be contrived but could this not be a possible way to blackhole nearby PEs..?

We currently take a full RIB and I am currently doing full FIB. I'm currently choosing to create a default aggregate for downstream default-only connectors based on something like

    from {
        protocol bgp;
        as-path-group transit-providers;
        route-filter 0.0.0.0/0 prefix-length-range /8-/10;
        route-type external;
    }

Of course there is something functionally equivalent for v6. I have time series data on the count of routes contributing to the aggregate which helps a bit with ease of mind of default being pulled when it shouldn't be. Like all tricks of this type I recognize this is susceptible to default being synthesized when it shouldn't be.

I'm considering an approach similar to Tore's blog where at some point I keep the full RIB but selectively populate the FIB. Tore, care to comment on why you decided to filter the RIB as well?

-Michael
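
The following is an added example, not part of the message above and not the poster's configuration: a small Python model of the four match conditions in the quoted policy term, run over constructed RIBs to show when the default aggregate would be originated, withdrawn, or kept alive by a single contributor. Assumptions: the transit ASNs, the prefixes, the reading of the as-path-group as "neighbour AS is a transit provider", and the min_contributors alarm threshold are all hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the transit-providers as-path-group matches paths whose
# neighbour (first) AS is one of these documentation-range ASNs.
TRANSIT_ASNS = {64496, 64497}

@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str     # "bgp", "ospf", "static", ...
    external: bool    # True when learned over eBGP (route-type external)
    as_path: tuple    # neighbour AS first

def contributes(r: Route) -> bool:
    """Mirror the four 'from' conditions of the quoted policy term."""
    plen = ipaddress.ip_network(r.prefix).prefixlen
    return (r.protocol == "bgp"
            and bool(r.as_path) and r.as_path[0] in TRANSIT_ASNS
            and 8 <= plen <= 10
            and r.external)

def default_state(rib, min_contributors=1):
    """Return (originate_default, contributor_count, alarm)."""
    count = sum(1 for r in rib if contributes(r))
    originate = count >= 1   # modelled: any contributor keeps the aggregate up
    # Hypothetical monitoring rule on the contributor count time series.
    alarm = originate and count < min_contributors
    return originate, count, alarm

# Constructed sample RIBs; prefixes and ASNs are illustrative only.
HEALTHY = [
    Route("11.0.0.0/8", "bgp", True, (64496, 65010)),
    Route("12.0.0.0/8", "bgp", True, (64497, 65020)),
    Route("100.64.0.0/10", "bgp", True, (64496, 65030)),
    Route("203.0.113.0/24", "bgp", True, (64496, 65040)),  # too specific
]
# Transit sessions down: the same prefixes are known only via iBGP.
ISOLATED = [Route(r.prefix, "bgp", False, r.as_path) for r in HEALTHY]
# One short prefix still arrives from one transit, nothing else does.
DEGRADED = [Route("11.0.0.0/8", "bgp", True, (64496, 65010))]

if __name__ == "__main__":
    for name, rib in (("healthy", HEALTHY), ("isolated", ISOLATED),
                      ("degraded", DEGRADED)):
        print(name, default_state(rib, min_contributors=3))
```

The degraded case is the "default synthesized when it shouldn't be" failure mode: the aggregate stays up on one contributor, and only the count threshold flags it.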