BGP Question - Advertising a network
Hi Guys,
I've been asked a question by one of our customers. I think I have a workaround but I wanted to check it and see if anyone had any other suggestions.
Customer has an MPLS network with about 10 sites. We manage the CE routers for the customer. BT provide the MPLS service and look after the PE routers.
Each CE router has BGP enabled and is configured to peer with the BT PE router. Each CE router will advertise its loopback address (for management purposes) and its LAN subnet.
The customer has a DR site with a CE router but nothing is connected to it on the LAN side (interface is down). The customer has requested they want the LAN subnet at the DR site advertised into BGP across the MPLS network.
I've checked the router config and can see there is a network statement under the BGP config advertising the LAN subnet however I can't see it in the routing table from another site.
I believe this is because the LAN interface is down.
In order to advertise this subnet regardless of the interface status, the only way I can think to do it (and in my mind, it's not great), is to turn off keepalives on the LAN interface which should bring it up.
I've just mocked that up in GNS3 and it works. Can anyone else think of another way round this? Obviously turning off keepalives is a bad idea.
Hopefully this makes sense.
Thanks,
Regards,
CCNA R&S; CCNP R&S
Comments
-
Forsaken_GA Member Posts: 4,024
In order for BGP to advertise a route, the route must be in the routing table. If the interface is down, the route will not be in the routing table.
What I would advise is creating a static route for that IP block, route it to null0. That will put the route in the routing table and allow it to be advertised (it'll also discard any traffic it receives rather than trying to route it).
-
ColbyG Member Posts: 1,264
Why do they want this? They're just going to draw traffic across the WAN to be dropped.
-
Forsaken_GA Member Posts: 4,024
ColbyG wrote: »Why do they want this? They're just going to draw traffic across the WAN to be dropped.

That may be fine. Since it's a DR site, it may not be built out yet, and they may just want the route in order to test things on the network side. If they shovel some test traffic that way and they can verify it's making it to the CE router at the DR site that may be good enough, and who cares if it gets dropped.
His other option would be to just put the LAN subnet on a loopback and advertise it, and when they're ready to bring up the LAN interface, pull the loopback and configure the LAN interface, but that'll take a convergence hit. If he just advertises a static to null0, when the LAN interface comes up for real, it'll replace the static in the routing table by way of superior AD and not cause a convergence hit.
-
ColbyG Member Posts: 1,264
Forsaken_GA wrote: »If he just advertises a static to null0, when the LAN interface comes up for real, it'll replace the static in the routing table by way of superior AD and not cause a convergence hit.

Sure, but again, what's the point? If it's simply for testing he could do the no keepalives and turn it off when he's done, or the static to null. But why would anyone want to leave this in place? Testing routing should be quite brief. Can't do much testing if there are no hosts on the other side.
I mean if the customer wants it, I guess do it. But I'd surely want to know why. Especially if people are spinning things up and pointing to the DR subnet wasting (valuable) WAN bandwidth.
-
Forsaken_GA Member Posts: 4,024
ColbyG wrote: »Sure, but again, what's the point? If it's simply for testing he could do the no keepalives and turn it off when he's done, or the static to null. But why would anyone want to leave this in place? Testing routing should be quite brief. Can't do much testing if there are no hosts on the other side.
I mean if the customer wants it, I guess do it. But I'd surely want to know why. Especially if people are spinning things up and pointing to the DR subnet wasting (valuable) WAN bandwidth.

It largely depends on the organization.
In mine... I'd do it too. Our production operations team is entirely separate from network operations, which is entirely separate from corporate operations, and the PMs come up with different milestones for us to hit on various projects. So if my PM said I needed to have routing to the DR active by such and such date, I'd make sure those routes were in the table, regardless of whether or not the site was active.
So yeah, if everyone's working together, this is largely unnecessary, but if your teams function as autonomous units that only talk to each other when stuff breaks, building the routing before the site goes live is certainly a valid approach.
-
ColbyG Member Posts: 1,264
I suppose. Being a milestone is a relatively valid (but sad) reason to do it. Lord knows a lot of the PMs I work with would set a similarly stupid goal. I can think of far more reasons NOT to do this than reasons TO do it.
Either way, I'm curious what the reasoning is in this case. My point was not necessarily to argue against it, more to figure out why this need exists. And if that answer isn't known, possibly encourage the OP to find out if it truly is valid and needed. I get requests like this from customers all the time. A big part of my job is to sit them down and explain to them why they don't really want to do this great thing they came up with.
Why's everything always an argument with you?!
-
Forsaken_GA Member Posts: 4,024
ColbyG wrote: »I suppose. Being a milestone is a relatively valid (but sad) reason to do it. Lord knows a lot of the PMs I work with would set a similarly stupid goal. I can think of far more reasons NOT to do this than reasons TO do it.
Either way, I'm curious what the reasoning is in this case. My point was not necessarily to argue against it, more to figure out why this need exists. And if that answer isn't known, possibly encourage the OP to find out if it truly is valid and needed. I get requests like this from customers all the time. A big part of my job is to sit them down and explain to them why they don't really want to do this great thing they came up with.
Why's everything always an argument with you?!

I'm not arguing, I'm discussing!
I actually don't think it's that big of a deal. If the DR site isn't active, then there's likely not going to be any significant traffic heading toward it, so I don't really see the harm in letting it be in the routing table. You're going to have to do it anyway the second they turn up the first machine at the DR site, so I'd rather do it in advance so that the only thing networking needs to do to get the DR site active is issue no shut on the LAN interface. Those instructions are so simple that even the most junior net eng couldn't screw it up!
-
aquilla Member Posts: 148
Thanks for the suggestions guys.
I will speak to the customer today before I do anything to try and understand why they want this done.
I might see if I can convince them to plug a LAN switch into the port which will bring the interface up and cause the route to be advertised out to the network.
I would rather not put in static routes to null0 or create loopback interfaces as it has the possibility to cause confusion.
Thanks,
Regards,
CCNA R&S; CCNP R&S
-
cxzar20 Member Posts: 168
ColbyG wrote: »Why do they want this? They're just going to draw traffic across the WAN to be dropped.

We also null route a subnet in certain circumstances. There is address space that the customer controls and address space that we control for WAN subnets. They have been known (on several occasions) to set duplicate addresses and blame us. So, when we are informed by their program office that they are going to use a certain address space, such as a class C for a smaller site, we then check the routing table and configure it to null0 on our router to make sure it's in the routing table and won't be used again. Once they are ready to turn up the LAN port we remove the static route.
-
aquilla Member Posts: 148
Hi Guys,
I spoke to the customer today and they explained they wanted it done so they can see the route to their DR site in the routing table to make sure it's up in case of any emergency.
They also advised they want to be able to ping the LAN interface so the agreement we came to was to turn keepalives off on the LAN interface.
I did a bit more playing about with the route to null0 and can see now how it would work.
Thanks for the help.
Regards,
CCNA R&S; CCNP R&S
-
ColbyG Member Posts: 1,264
Yeah, you'd need to create a loopback or something if you wanted to make it pingable without the no keep.
-
Forsaken_GA Member Posts: 4,024
aquilla wrote: »Hi Guys,
I spoke to the customer today and they explained they wanted it done so they can see the route to their DR site in the routing table to make sure it's up in case of any emergency.
They also advised they want to be able to ping the LAN interface so the agreement we came to was to turn keepalives off on the LAN interface.
I did a bit more playing about with the route to null0 and can see now how it would work.
Thanks for the help.

Ok, so it's like I figured, they just want the route visible.
I wouldn't really turn off keepalives on the LAN interface. That's the kind of thing that's very easy to forget about, so if they want pings to succeed, you'll need to advertise a real interface, or a loopback.
If they've got a switch at the DR site that the LAN interface can plug into, that would probably be the best solution, that way you could keep the interface up legitimately and not have to worry about configuration on the router side when they start building the site out.
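
The three router-side options discussed in this thread, written out as Cisco IOS configuration for comparison. This is an added example, not configuration posted by any participant; the prefix 192.0.2.0/24, the AS numbers, the peer address, the interface names and the route name are placeholders, and only one of options A to C would be applied at a time.

```cisco
! Constructed example: 192.0.2.0/24 stands in for the DR LAN subnet,
! 65001/65000 for the CE/PE AS numbers, 198.51.100.1 for the PE peer.
!
router bgp 65001
 neighbor 198.51.100.1 remote-as 65000
 ! Originated only while an exact 192.0.2.0/24 route is in the routing table.
 network 192.0.2.0 mask 255.255.255.0
!
! --- Option A: placeholder static route to Null0 ---
! Puts the prefix in the routing table while the LAN interface is down.
! Traffic arriving for the subnet is discarded, so the LAN address will not
! answer pings. "name" labels the route so its purpose is visible in the config.
ip route 192.0.2.0 255.255.255.0 Null0 name DR-LAN-PLACEHOLDER
!
! --- Option B: temporary loopback carrying the LAN address ---
! A loopback stays up, so the prefix is advertised and 192.0.2.1 is pingable.
! The loopback has to be pulled before the LAN interface takes the subnet.
interface Loopback100
 description TEMP - DR LAN placeholder, remove at go-live
 ip address 192.0.2.1 255.255.255.0
!
! --- Option C: keepalives off on the LAN interface (what the OP tested) ---
! The OP reports this brings the interface up in GNS3. With keepalives off,
! the line protocol no longer reflects whether anything is attached.
interface GigabitEthernet0/1
 description DR LAN - keepalives disabled, re-enable at go-live
 ip address 192.0.2.1 255.255.255.0
 no keepalive
!
! Checks on the DR CE after applying one option:
!   show ip route 192.0.2.0 255.255.255.0
!   show ip bgp 192.0.2.0/24
!   show ip bgp neighbors 198.51.100.1 advertised-routes
```

With option A, the connected route replaces the static once the LAN interface comes up, as described in the thread, and the static can then be removed without the prefix leaving the routing table.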