On Nov 1, 2011, at 4:10 AM, Justin M. Streiner wrote: > On Tue, 1 Nov 2011, Dmitry Cherkasov wrote: > >> case 2: extranet like multiple POPs interconnected with VPNs >> - get greater then /48 block (like /44) so each POP gets its /48 part >> - each POP announces its corresponding /48 prefix to their local ISPs >> - decide if you wish that traffic from Internet to some POP passes >> through some other of your POPs (security or other considerations); if >> this is desirable you may announce the whole aggregate (like /44) >> additionally to /48 from all or some of the POPs; optionally you may >> wish to announce /44 with community 'no-export' > > You really don't need to tag the larger block with no-export. In fact, > if the POPs are suitably interconnected on the back end, you really > don't need to advertise the /48s all, and just advertise the /44. Depending > on your upstreams, you might be able to tag your advertisements with certain > BGP communities (will vary from provider to provider) to give you some degree > of conrol over traffic distribution. > > Getting back to the original point, unless someone does something odd with > their BGP views, the /48s will be preferred because they're smaller (more > specific), and the /44 would only be used if a corresponding /48 prefix > doesn't exist in their BGP view. > > jms
In fact, if you have one or more providers which, in common, serve multiple POPs, it may be desirable to tag the more specifics (/48s) as no-export and leave the /44s exportable. In this way, you can avoid unnecessary DFZ pollution. Owen
