Re: refresher - what's happening

[Curtis Villamizar <curtis () ans net>]

In message <9504250245.AA19883 () mailer psc edu>, "Matt Mathis" writes:
> > If there is a catastrophic failure tomorrow morning, Merit
> > will advise the ANS NOC to roll back to the previous configuration
> > (the one installed on Tuesday morning).
> Which Tuesday?
>
> Beware that the ENSS gated announces it's interfaces into the ANS core, even
> if there are no E-BGP peers (or for that matter, even if the LAN interfaces
> are down).  This means that the planed test will not really idle the ENSS if:
>       - There are any services or *clients* on the DMZ itself
>                (mrouted?, DNS?, NTP?, etc)
>       - Anybody is remotely monitoring your peers with either snmp or ping.
>
> My observations are based on the FDDI interface of ENSS132, which was
> previously attached to a natural class C network.  Physically unplugging the
> FDDI did not stop the ENSS from announcing it....
>
> Your mileage may vary.
>
> Good luck,
> --MM--


Matt,

The ENSS still had a route to that DMZ, only the DMZ was now
partitioned.  The behavior used to be that at least one peer had to be
on the DMZ but it now announces the route anyway.  Rather than pull
the plug, an "ifconfig down" on the ENSS or adding "restrict" to the
"proto direct" line for the interface in the exports to IBGP in the
gated.conf file should do the trick.  Next time please just call our
NOC and ask them to take it down.

Thanks,

Curtis