nanog mailing list archives
Re: Juniper DOS/Blackhole question
From: Saku Ytti <saku () ytti fi>
Date: Sun, 23 Oct 2011 10:18:58 +0300
On (2011-10-22 20:38 -0500), Jack Bates wrote:
the route. This seems strange to me. Any idea why a route would be rejected unless multihop was enabled?
RFC4271 states:
--
- By default (if none of the above conditions apply), the BGP
speaker SHOULD use the IP address of the interface that the
speaker uses to establish the BGP connection to peer X in the
NEXT_HOP attribute.
--
Your provider was rewriting the next-hop to some address they are blackholing
inside their network. This caused above check to fail, and route was being
considered invalid.
EBGP multihop is kludge to kill this check, but also kludge to kill convergence
of your BGP session, due to disabling fall over on linkdown.
Proper way to disable this check is JunOS 'accept-remote-nexthop' or IOS
'disable-connected-check'.
--
++ytti
Current thread:
- Juniper DOS/Blackhole question Jack Bates (Oct 22)
- Re: Juniper DOS/Blackhole question Stefan Fouant (Oct 22)
- Re: Juniper DOS/Blackhole question Jack Bates (Oct 22)
- Re: Juniper DOS/Blackhole question Christopher Morrow (Oct 22)
- Re: Juniper DOS/Blackhole question Jack Bates (Oct 22)
- Re: Juniper DOS/Blackhole question Saku Ytti (Oct 23)
- Re: Juniper DOS/Blackhole question Jack Bates (Oct 23)
- Re: Juniper DOS/Blackhole question Stefan Fouant (Oct 22)