The ISP-Lists.com Email Discussion List Community

Re: Application Note: Securing BGP on Juniper Routers

Hrmmm, you're right, you would forward it along a default.


To search for confed set, you do a regexp for ().


On Mon, Jun 24, 2002 at 07:20:47PM -0500, Stephen Gill wrote:
> In answer to your question on the bogons... the static discards are in
> the routing table to cause deterministic blackholing of bogon networks
> in cases where a 0/0 route exists in the routing table.  A martian will
> simply keep a prefix from showing up the routing table, but it will not
> keep traffic from being forwarded through the default route.  Also, if
> the router is configured to do so, it can send unreachables to other
> networks, but not the static discards.  
> 
> As per confeds, I don't know of a way to search for AS_CONFED_SET via
> policy on a Juniper.
> 
> -- steve
> 
> -----Original Message-----
> From: fscalzo-isp@...
> Sent: Monday, June 24, 2002 1:09 AM
> To: Stephen Gill
> Cc: 'ISP-BGP Discussion List'; fscalzo-isp@...
> Subject: Re: Application Note: Securing BGP on Juniper Routers
> 
> 1. I understand that for default but the other bogons?
> 
> 2. right, it installs a single next hop for each destination prefix,
>    but the destination prefixes are shared. You are certainly correct
>    per-flow is a good thing, I simply wanted to clarify. We are saying
>    similar things with different words.
> 
> 3. out-delay you're absolutely right, it can delay convergence, or delay
>    oscillation. 
> 
> 4. I forgot you had that in there, but you still have to think about
>    confed info, confederation information, is NOT necessarily private
>    ASNs in fact if I remember correctly the prefix that caused the 
>    problem had real ASNs in the confed info.
> 
> 
> In general, I am not trying to be argumentative, or rip on your document
> just thought some things were worth clarifying....
> 
> 
> 
> On Mon, Jun 24, 2002 at 12:45:43AM -0500, Stephen Gill wrote:
> > In reference to your comments...
> > 
> > 1.  The static discard routes are there to remove all ambiguity when a
> > 0/0 route exists.  If your network does not have a default route and you
> > have all Internet routes, then yes you can join the two.  In this case,
> > we use a 0/0 route and thus would like to make sure that nothing squeaks
> > by.
> > 
> > 2.  Actually, Juniper does not install all equal cost paths into the
> > forwarding table by default.  It selects one at random.
> > 
> > http://www.juniper.net/techpubs/software/junos53/swconfig53-routing/html/routing-generic-config10.html
> > 
> > Flow based load balancing is definitely a good thing.
> > 
> > 3.  There are benefits and drawbacks to out-delay.  If your network is
> > configured in a way that avoids oscillation, then this is not necessary.
> > Out delay may delay convergence or delay oscillation depending on your
> > network :).
> > 
> > 4.  The remove-private command in the template takes care of this.
> > Routes will not get advertised w/o having them removed.
> > 
> > Cheers,
> > -- steve
> > 
> > 
> 
> 

Replies
Re: Application Note: Securing BGP on Juniper Routers, fscalzo-isp
RE: Application Note: Securing BGP on Juniper Routers, Stephen Gill
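
The distinction drawn in the thread between martians and static discards when a 0/0 route is present, as an added example that is not part of the original messages: a toy longest-prefix-match table in Python. The prefixes, action names and helper functions are constructed for illustration and do not model Junos internals.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: action of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, action) for net, action in table.items() if addr in net]
    if not matches:
        return "no-route"
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def build_table(received, martians=(), static_discards=()):
    """Build a toy routing table (hypothetical helper).

    martians: prefixes rejected on import, so they never enter the table.
    static_discards: prefixes installed locally with a discard next hop.
    """
    martian_nets = [ipaddress.ip_network(m) for m in martians]
    table = {}
    for prefix, action in received:
        net = ipaddress.ip_network(prefix)
        # A martian entry only suppresses the prefix and its more-specifics;
        # it says nothing about what happens to traffic for that range.
        if any(net.subnet_of(m) for m in martian_nets):
            continue
        table[net] = action
    for prefix in static_discards:
        table[ipaddress.ip_network(prefix)] = "discard"
    return table

# Constructed sample data: a default route, a leaked bogon, one ordinary route.
RECEIVED = [
    ("0.0.0.0/0", "forward-upstream"),
    ("10.0.0.0/8", "forward-peer"),      # bogon announcement to be kept out
    ("198.51.100.0/24", "forward-peer"), # stand-in for a legitimate prefix
]
BOGONS = ["10.0.0.0/8"]

def compare(dst):
    """Return (martian-only result, martian + static discard result) for dst."""
    martian_only = build_table(RECEIVED, martians=BOGONS)
    with_discard = build_table(RECEIVED, martians=BOGONS, static_discards=BOGONS)
    return lookup(martian_only, dst), lookup(with_discard, dst)

if __name__ == "__main__":
    for dst in ("10.1.2.3", "198.51.100.7"):
        print(dst, compare(dst))
```

With only the martian filter, the bogon destination falls through to the default route; adding the static discard gives it a more specific match that drops it.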