iBGP next hop and multi-access media

Background:
Router A and B are connected via a common ethernet segment 1. Router A
uses 10.10.10.1/30, and Router B uses 10.10.10.2/30. Router B also has
another subnet configured for ethernet segment 1; 172.16.16.0/24.

When I set up a situation like the above, with Router B advertising the
172.16.16.0/24 to router A, router A sees a next hop of 10.10.10.2. This
is not good since packets from A going to the 172.16.16 subnet get sent to
Router B, which then ARPs the destination, instead of just being ARPed by
router A.

I don't want to turn on ICMP redirects on B since they're insecure and
ugly. I've also made sure I'm not using next-hop self. Is there a way to
make this work?

Ralph Doncaster
principal, IStop.com

Can you create another segment with 172.16.16? Maybe another dot1q
interface?

Regards
Ezequiel

Date: Sun, 6 Oct 2002 12:44:07 -0400 (EDT)
From: Ralph Doncaster

Router A and B are connected via a common ethernet segment 1.
Router A uses 10.10.10.1/30, and Router B uses 10.10.10.2/30.
Router B also has another subnet configured for ethernet
segment 1; 172.16.16.0/24.

When I set up a situation like the above, with Router B
advertising the 172.16.16.0/24 to router A, router A sees a
next hop of 10.10.10.2. This is not good since packets from
A going to the 172.16.16 subnet get sent to Router B, which
then ARPs the destination, instead of just being ARPed by
router A.

Is this what you're trying to do:

  route-map <foo>
   match <whatever>
   set ip next-hop <something>

?

Eddy

> When I set up a situation like the above, with Router B
> advertising the 172.16.16.0/24 to router A, router A sees a
> next hop of 10.10.10.2. This is not good since packets from
> A going to the 172.16.16 subnet get sent to Router B, which
> then ARPs the destination, instead of just being ARPed by
> router A.

Is this what you're trying to do:

  route-map <foo>
   match <whatever>
   set ip next-hop <something>

Not really, what I want is router A to learn that there is no next hop IP -
the subnet is on the local ethernet.

-Ralph

(except that 172.x.x.x isn't 'local' to the 10.x.x.x network, even if they
are connected to the same physical network)

Date: Sun, 6 Oct 2002 21:05:32 -0400 (EDT)
From: Ralph Doncaster

Not really, what I want is router A to learn that there is no
next hop IP - the subnet is on the local ethernet.

As others are saying... it isn't "local". It's not "local"
unless in the same subnet. Physical topology often correlates
with higher layers, but it's not strictly 1:1.

Add a secondary IP address to the router you want to use ARP,
utilize a static route to an interface, or just live with the way
IP works. (Then what about the path in the other direction?)

Just remember that IGP complexity is not your friend. Make sure
the answer is better than the problem.

Eddy

Manually configuring a static route in router A would achieve the result:
ip route 172.16.16.0 255.255.255.0 fa0/0

However, I'm surprised that there's no dynamic routing protocol that
allows you to do everything you can with static routes.

-Ralph

Why are we doing basic IP routing 101 on NANOG?

Don't route IP blocks to the ethernet. That's using ARP as your routing
protocol and it's horribly fragile. I've seen one ISP do that (they were
very technically challenged) and it's a setup that broke way too easily.

Paging Dalph Roncaster. Clean-up in aisle one.

> > As others are saying... it isn't "local". It's not "local"
> > unless in the same subnet. Physical topology often correlates
> > with higher layers, but it's not strictly 1:1.
>
> Manually configuring a static route in router A would achieve the result:
> ip route 172.16.16.0 255.255.255.0 fa0/0

Why are we doing basic IP routing 101 on NANOG?

OK, since it's so basic why don't you explain how to have router A
dynamically learn from router B that there is a new subnet on the local
ethernet?

Don't route IP blocks to the ethernet. That's using ARP as your routing
protocol and it's horribly fragile. I've seen one ISP do that (they were
very technically challenged) and it's a setup that broke way too easily.

So then what do you call a connected route (for an ethernet interface on a
router)? If you use ethernet, at the edges of your network you HAVE to
route IP blocks to the ethernet.

-Ralph

OK, I'll bite.

I've been doing ip route statements going on 8 years now, and I can't
imagine why ever -- and how it would even work -- you'd want to ip route a
netblock with a next hop of a multi-access broadcast media. As in, the
next hop is still truly undetermined.

I guess I don't know this because I've never tried it. But, how does the
router determine where to send the packets for a route statement as
specified above (ip route a.b.c.d e.f.g.h f0/0) ?

So then what do you call a connected route (for an ethernet interface on a
router)? If you use ethernet, at the edges of your network you HAVE to
route IP blocks to the ethernet.

-Ralph

-- Alex Rubenstein, AR97, K2AHR, alex@nac.net, latency, Al Reuben --
-- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --

When you set up a secondary ip on an interface
int fa0/0
   ip address a.b.c.d e.f.g.h secondary

How does it determine where to send the packets? ARP.
Which is the same as adding the route described above.

-Ralph

Aha.

So, if you route to an ethernet interface, it will try to arp for that
address on that subnet, even without having a local address on the same
subnet?

This seems to me to be something you don't want to do.

Is the entire route valid as long as the router can ARP for one of the
addresses in the routed subnet?

My understanding is the route is valid as long as the interface is
up; just like adding a secondary IP on the interface.

Ralph Doncaster
principal, IStop.com

Are you just asking a question to get a better understanding of how
things work, Ralph or have you already put this into production and are
wondering why it doesn't work a certain way?

My understanding is the route is valid as long as the interface is
up; just like adding a secondary IP on the interface.

If you are going through all this trouble, why not just secondary the
interface, while you're at it run HSRP or VRRP and provide some HA-ness for
your LAN?

It's a theoretical question. So far I've had one person email me saying
OSPF can advertise a subnet as local on a shared multi-access media. If
in fact BGP can't do this, then it's no big deal to me as nothing in my
network relies on this functionality.

Ralph Doncaster
principal, IStop.com

OK, I'll bite.

I've been doing ip route statements going on 8 years now, and I can't
imagine why ever -- and how it would even work -- you'd want to ip route a
netblock with a next hop of a multi-access broadcast media. As in, the
next hop is still truly undetermined.

I guess I don't know this because I've never tried it. But, how does the
router determine where to send the packets for a route statement as
specified above (ip route a.b.c.d e.f.g.h f0/0) ?

  A cisco router with the default (ip proxy-arp) enabled on
the interface will spend all its time doing arp/proxy-arp for the hosts and
it will actually work believe it or not.

  You'll notice massive cpu utilization.

  People who do this tend to not have a lot of clue or notice
when their cpu is spending all its time doing this... One should
always turn proxy-arp off on your interfaces both internal and customer
facing so they don't make your router bear the load because they can
not configure their devices logically.

  - Jared
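
Added example, not part of any post in this thread: a simplified Python model of router A's forwarding decision, comparing the iBGP-learned route via 10.10.10.2 with the static route to fa0/0 for 172.16.16.0/24. The function names and FIB representation are assumptions for illustration and do not model IOS in detail; the point is which addresses end up in A's ARP table in each case.

```python
import ipaddress

def route(prefix, next_hop=None, iface=None):
    """One FIB entry (hypothetical representation): next hop OR interface."""
    return (ipaddress.ip_network(prefix), next_hop, iface)

def lookup(fib, dst):
    """Longest-prefix match for dst; None if no route covers it."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in fib if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def arp_target(fib, dst, depth=0):
    """Return (interface, address the router must ARP for) to forward dst."""
    r = lookup(fib, dst)
    if r is None or depth > 4:          # no route, or next-hop recursion loop
        return None
    _, next_hop, iface = r
    if next_hop is None:                # connected or interface route:
        return (iface, dst)             # ARP for the destination itself
    return arp_target(fib, next_hop, depth + 1)  # resolve the next hop first

def arp_entries(fib, destinations):
    """Distinct ARP entries needed to reach every destination."""
    return {arp_target(fib, d) for d in destinations} - {None}

# Router A from the thread: 10.10.10.1/30 on the shared segment (fa0/0).
CONNECTED = route("10.10.10.0/30", iface="fa0/0")
# Case 1: 172.16.16.0/24 learned via iBGP with next hop 10.10.10.2 (router B).
IBGP_FIB = [CONNECTED, route("172.16.16.0/24", next_hop="10.10.10.2")]
# Case 2: ip route 172.16.16.0 255.255.255.0 fa0/0
STATIC_FIB = [CONNECTED, route("172.16.16.0/24", iface="fa0/0")]
# Constructed traffic: one packet to every host address in the /24.
HOSTS = [str(h) for h in ipaddress.ip_network("172.16.16.0/24").hosts()]

if __name__ == "__main__":
    for name, fib in (("iBGP next hop", IBGP_FIB), ("route to fa0/0", STATIC_FIB)):
        print(name, arp_target(fib, "172.16.16.50"), len(arp_entries(fib, HOSTS)))
```

With the interface route, A needs one ARP entry per destination host in the /24 (254 here), against a single entry for 10.10.10.2 with the next-hop route.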

Proxy arp will still send the data through the other router though, the only
difference is now router B believes router A to be the destination
station. Seems like you're worse off than you were before. (Plus I hate proxy arp
in non-SOHO environments!)

Steve

Ok, so correct me if I'm wrong here (I'm just trying to paint a picture
of what this thread is trying to conceive), RA-FA1: 10.10.10.1/30,
RB-FA0: 10.10.10.2/30, 172.16.16.1/24 secondary?

iBGP setup between RA & RB, RB announces to RA with a next-hop of the
primary address on FA0, RA announces to RB with a next-hop of the
primary address on FA1. When iBGP announces 172.16.16 to RA, you want
it announce with a next-hop of 172.16.16.1 as opposed to the primary
address 10.10.10.2. Is that right?

From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On
Behalf Of Ralph Doncaster
Sent: Monday, October 07, 2002 12:56 AM
To: Jason Lixfeld
Cc: 'Alex Rubenstein'; nanog@merit.edu
Subject: RE: iBGP next hop and multi-access media

It's a theoretical question. So far I've had one person email me saying
OSPF can advertise a subnet as local on a shared multi-access media. If
in fact BGP can't do this, then it's no big deal to me as nothing in my
network relies on this functionality.

Ralph Doncaster
principal, IStop.com

> Are you just asking a question to get a better understanding of how
> things work, Ralph or have you already put this into production and are
> wondering why it doesn't work a certain way?
>
> > From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On
> > Behalf Of Ralph Doncaster
> > Sent: Monday, October 07, 2002 12:43 AM
> > To: Alex Rubenstein
> > Cc: nanog@merit.edu
> > Subject: Re: iBGP next hop and multi-access media
> >
> > My understanding is the route is valid as long as the interface is
> > up; just like adding a secondary IP on the interface.
> >
> > Ralph Doncaster
> > principal, IStop.com
> >
> > > Aha.
> > >
> > > So, if you route to an ethernet interface, it will try to arp for that
> > > address on that subnet, even without having a local address on the same
> > > subnet?
> > >
> > > This seems to me to be something you don't want to do.
> > >
> > > Is the entire route valid as long as the router can ARP for one of the
> > > addresses in the routed subnet?
> > >
> > > > > I've been doing ip route statements going on 8 years now, and I can't
> > > > > imagine why ever -- and how it would even work -- you'd want to ip route a
> > > > > netblock with a next hop of a multi-access broadcast media. As in, the
> > > > > next hop is still truly undetermined.
> > > > >
> > > > > I guess I don't know this because I've never tried it. But, how does the
> > > > > router determine where to send the packets for a route statement as
> > > > > specified above (ip route a.b.c.d e.f.g.h f0/0) ?
> > > >
> > > > When you set up a secondary ip on an interface
> > > > int fa0/0
> > > > ip address a.b.c.d e.f.g.h secondary
> > > >
> > > > How does it determine where to send the packets? ARP.
> > > > Which is the same as adding the route described above.
> > > >
> > > > -Ralph
> > >
> > > -- Alex Rubenstein, AR97, K2AHR, alex@nac.net, latency, Al Reuben --
> > > -- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --

automatic discovery of new subnets local to a given segment, followed by
preferential route selection similar to HSRP.

Except above, you're claiming that adding a secondary interface is the
same as adding a route. It's not, as adding the secondary interface
provides a logical link between a layer 3 address and a layer 2 address,
so that ARP is not needed to find the next-(layer 3)-hop, only to find the
next layer 2 hop.

Again, let's move routing 101 to a different venue.

Pete