Discard incoming BGP route updates, default route, memory used

Answered Question
Apr 7th, 2010

Hi All,


We have a situation. The BGP routing table size is too large on the router pair DR1/2, which has only one (redundant) path to the internet router pair iR1/2.


On DR1 and 2, I'm planning to discard BGP route updates from peers iR1/2, and instead redistribute default route (pointing to iR1/2) on the DR1/2 into BGP.


Is this a good approach?

Also, how will iR1/2, without any change, handle the private IP subnets, as DR1/2 might send private traffic because of the default route?


(Please see attached .doc)


Thanks for checking this

SS

Correct Answer by Giuseppe Larosa about 6 years 10 months ago

Hello Sinnathurai,

If DR1/2 cannot support a full table, you need to filter, and you should do it directly on IR1/2.


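On IR1/2:

ip prefix-list only-default seq 5 permit 0.0.0.0/0
!
route-map toDR permit 10
 match ip address prefix-list only-default
!
! The AS number is not given in the post; dr1 and dr2 stand for the DR1/DR2 neighbors.
router bgp <local-AS>
 neighbor dr1 route-map toDR out
 neighbor dr2 route-map toDR out
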

Note: filtering inbound on DR1/2 is inefficient because IR1/2 will still try to advertise all prefixes, only to have them dropped on DR1/2.

As a security measure, you can implement the same filter inbound on DR1/2.

On DR1/2 you keep advertising the private IP subnets in order to ensure correct return traffic.

This helps in having dynamic routing between the 4 routers.

I would not use static routes; otherwise you will need to use IP SLA to check whether the next hops are alive in a LAN environment (with switches in the middle).


Hope to help

Giuseppe
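
Added example (not part of the answer above and not Cisco code): a small Python model of IOS prefix-list matching, useful for checking what a list such as only-default lets through before it is applied to a neighbor. The too-wide list and the advertised routes are constructed for illustration, and the model covers IPv4 only.

```python
import ipaddress

# The filter from the answer, plus a constructed too-wide variant for contrast.
ONLY_DEFAULT = "ip prefix-list only-default seq 5 permit 0.0.0.0/0"
TOO_WIDE = "ip prefix-list too-wide seq 5 permit 0.0.0.0/0 le 32"
# Constructed advertisements (private and documentation ranges).
ADVERTISED = ["0.0.0.0/0", "10.0.0.0/8", "192.0.2.0/24", "203.0.113.0/24"]

def parse_prefix_list(text):
    """Parse 'ip prefix-list NAME seq N permit|deny P/LEN [ge G] [le L]' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue
        seq, action = int(tok[4]), tok[5]
        net = ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))
        ge, le = opts.get("ge"), opts.get("le")
        if ge is None and le is None:
            lo = hi = net.prefixlen          # no ge/le: exact length only
        else:
            lo = net.prefixlen if ge is None else ge
            hi = 32 if le is None else le
        entries.append((seq, action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])  # evaluated in seq order

def evaluate(entries, route):
    """Return 'permit' or 'deny' for one advertised route; first match wins."""
    r = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.network_address in net:
            return action
    return "deny"  # implicit deny at the end of every prefix-list

def accepted(entries, routes):
    """Routes that would survive a route-map matching this prefix-list."""
    return [r for r in routes if evaluate(entries, r) == "permit"]

if __name__ == "__main__":
    for name, cfg in (("only-default", ONLY_DEFAULT), ("too-wide", TOO_WIDE)):
        print(name, "->", accepted(parse_prefix_list(cfg), ADVERTISED))
```

With only-default, the default route alone passes; adding le 32 to the same entry turns it into a match-everything filter that would let the full table through.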
