Redundancy & Summarization

My institution has a single /16 spread across 2 sites: the lower /17 is
used at site A, the upper /17 at site B. Sites A & B are connected
internally. Currently both sites have their own ISPs and only advertise
their own /17's. For redundancy we proposed that each site advertise
both their own /17 and the whole /16, so that an ISP failure at either
site would trigger traffic from both /17s to reconverge towards the
unaffected location.

My worry/question: will carriers down the line auto-summarize my
advertisements into a single /16, resulting in a 'load sharing' while
both sites are active? If you're a backbone carrier and you saw x.x/16
and x.x/17 (or x.x/16 and x.x.128/17) being advertised from the same
peer would you drop the longer match?

Regards and thanks,

Jon Gaynor, Senior Network Engineer
Fox Chase Cancer Center
(215) 214-4267, jonathan.gaynor@fccc.edu

Hi Jon,

If I personally saw it, I wouldn't bother since I would assume there would be a method to your madness. ;)

Jeff

Gaynor, Jonathan wrote:

> My institution has a single /16 spread across 2 sites: the lower /17 is
> used at site A, the upper /17 at site B. Sites A & B are connected
> internally. Currently both sites have their own ISPs and only advertise
> their own /17's. For redundancy we proposed that each site advertise
> both their own /17 and the whole /16, so that an ISP failure at either
> site would trigger traffic from both /17s to reconverge towards the
> unaffected location.
>
> My worry/question: will carriers down the line auto-summarize my
> advertisements into a single /16, resulting in a 'load sharing' while
> both sites are active? If you're a backbone carrier and you saw x.x/16
> and x.x/17 (or x.x/16 and x.x.128/17) being advertised from the same
> peer would you drop the longer match?

No, BGP does not work this way. But you may force some carriers to have only /16. First, you may try to announce the /17's with the community no-export, so they will be seen only by your direct ISP, not by the rest of the world. Or you may try to use some other communities to limit announcements of your shorter prefixes, only to some part of the world.

Grzegorz Janoszka wrote:

> No, BGP does not work this way. But you may force some carriers to have only /16. First, you may try to announce the /17's with the community no-export, so they will be seen only by your direct ISP, not by the rest of the world. Or you may try to use some other communities to limit announcements of your shorter prefixes, only to some part of the world.

Actually, BGP does work that way. The goal is for both /17's to normally make the route decisions, but if one of them disappears, there is a covering /16 route. While this normally wouldn't be a problem, there are places that have issues with their routing table size and do strange modifications to which prefixes they accept.

I'd be more concerned if it was a bunch of /24's in a /16 cover, but given the extent of only having 3 prefixes, MOST policies would accept all 3 just fine.

That being said, there is still the possibility of some traffic coming the wrong way, but it should be very small (less than if you sent both /17's out both providers and prepended).

Jack
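
Added example, not part of any post in the thread: a small longest-prefix-match model of the proposal (each site announces its own /17 plus the covering /16), showing which site traffic enters through in normal operation, after an ISP failure, and at a remote carrier that filters out prefixes longer than /16. The prefix 10.20.0.0/16 is a constructed stand-in for the "x.x/16" in the question, and `max_len` is a hypothetical filter setting.

```python
import ipaddress

# Constructed addressing: the thread only says "x.x/16".
COVER = ipaddress.ip_network("10.20.0.0/16")
SITE_A, SITE_B = COVER.subnets(prefixlen_diff=1)  # lower /17 at A, upper /17 at B


def announcements(isp_a_up=True, isp_b_up=True):
    """Routes originated under the proposal: own /17 plus the whole /16 per site."""
    routes = []
    if isp_a_up:
        routes += [(SITE_A, "A"), (COVER, "A")]
    if isp_b_up:
        routes += [(SITE_B, "B"), (COVER, "B")]
    return routes


def remote_view(routes, max_len=32):
    """Table of a remote carrier; max_len models a prefix-length filter."""
    return [(net, site) for net, site in routes if net.prefixlen <= max_len]


def entry_sites(table, dst):
    """Longest-prefix match: sites that traffic to dst may enter through.

    When the winning prefix is heard from both sites, the carrier's BGP
    best-path selection picks one; that tie-break is not modelled here,
    so both candidates are returned.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(net, site) for net, site in table if addr in net]
    if not matches:
        return set()
    best = max(net.prefixlen for net, _ in matches)
    return {site for net, site in matches if net.prefixlen == best}


if __name__ == "__main__":
    host_a, host_b = "10.20.1.1", "10.20.200.1"  # constructed hosts at A and B
    scenarios = {
        "both ISPs up": remote_view(announcements()),
        "site A ISP down": remote_view(announcements(isp_a_up=False)),
        "carrier accepts only <= /16": remote_view(announcements(), max_len=16),
    }
    for name, table in scenarios.items():
        print(f"{name}: A-host via {sorted(entry_sites(table, host_a))}, "
              f"B-host via {sorted(entry_sites(table, host_b))}")
```

The third scenario is the case raised in the last reply: a carrier that keeps only the /16 can deliver traffic to either site, so some of it crosses the internal link between A and B.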