Let’s play with BGP for a while. Remember, BGP is all about policy ;-).

Here, the customer (AS 300) uses AS 1 as its primary upstream and has another upstream provider for redundancy. In this simple scenario both providers announce a default route to the customer:
[Figure: multihop_ebgp]

From now on we will focus on provider AS 1 only. These guys really take care of their customers. They are aware that they should not announce the default without being able to deliver the full service. In case their upstream fails or something really nasty happens in their core, they will not generate the default for their dual-homed customers.

Let us take one step at a time.
On a Cisco IOS box, a default route can be generated and announced with the default-originate directive. Here is an example from a sloppy provider:

hostname R1
!
route-map OriginateDefault deny 10
!
router bgp 1
 address-family ipv6
  neighbor 2001:DB8:2::23:1 default-originate
  neighbor 2001:DB8:2::23:1 route-map OriginateDefault out
!

By the way, Juniper JUNOS uses an export policy instead of the “default-originate” hack. In JUNOS the policy defines how the default route is exported from a routing table to the BGP protocol.

With “default-originate” the default route ::/0 is unconditionally announced to the customer. This is definitely not what we want to achieve :-(.

Let’s try to fix that.

We need a mechanism to conditionally generate and announce the default route. IOS has one. You can add a route-map to the “default-originate” directive, which triggers the generation of the default route only if the route-map matches at least one prefix in the routing table. To illustrate this, we’ve chosen 2001:db8:ffff::/128 as the prefix which, when installed in the routing table, signals BGP to originate the default route:

ipv6 prefix-list MyUpstream permit 2001:DB8:FFFF::/128
!
route-map IfMyUpstreamIsReachable permit 10
 match ipv6 address prefix-list MyUpstream
router bgp 1
 address-family ipv6
  neighbor 2001:DB8:2::23:1 default-originate route-map IfMyUpstreamIsReachable
!

The choice of the “signaling” prefixes in the route-map is important. If all of them are missing from the routing table, the default route will be dropped. We still assume that the default route is the only route that is being announced to the customer under normal circumstances. When the default is gone, the customer won’t be able to reach any part of AS 1 either. Therefore, AS 1 might consider announcing all its internal address space and the address space of its other customers or private peerings to AS 300 along with the default route. But this is a whole new chapter, so let us stick to our simple example.
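
A config review check for the two IOS variants above, as an added example that is not part of the original post: it reports, per neighbor, whether default-originate is unconditional, points at a route-map missing from the config, or is gated on a defined prefix-list. The function name, the neighbors 2001:DB8:2::24:1 and 2001:DB8:2::99:1 and the route-map NoSuchMap are constructed for illustration, and the parser only understands the statement forms shown in this post.

```python
import re

# Constructed sample: the conditional config from this post plus two
# hypothetical neighbors (one unconditional, one with an undefined route-map).
SAMPLE_CONFIG = """\
ipv6 prefix-list MyUpstream permit 2001:DB8:FFFF::/128
!
route-map IfMyUpstreamIsReachable permit 10
 match ipv6 address prefix-list MyUpstream
!
router bgp 1
 address-family ipv6
  neighbor 2001:DB8:2::23:1 default-originate route-map IfMyUpstreamIsReachable
  neighbor 2001:DB8:2::24:1 default-originate
  neighbor 2001:DB8:2::99:1 default-originate route-map NoSuchMap
!
"""

def audit_default_originate(config):
    """Return {neighbor: finding} for every default-originate statement."""
    prefix_lists, route_maps, neighbors = set(), {}, []
    current = None  # prefix-lists matched by the permit clause being parsed
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # any top-level line ends a route-map clause
        if m := re.match(r"ipv6 prefix-list (\S+) ", line):
            prefix_lists.add(m.group(1))
        elif m := re.match(r"route-map (\S+) (permit|deny) \d+$", line):
            matched = route_maps.setdefault(m.group(1), [])
            current = matched if m.group(2) == "permit" else None
        elif m := re.match(r"match ipv6 address prefix-list (\S+)$", line):
            if current is not None:
                current.append(m.group(1))
        elif m := re.match(r"neighbor (\S+) default-originate(?: route-map (\S+))?$", line):
            neighbors.append(m.groups())
    findings = {}
    for peer, rmap in neighbors:  # evaluated last, so definition order is irrelevant
        if rmap is None:
            findings[peer] = "unconditional"
        elif rmap not in route_maps:
            findings[peer] = "route-map not defined"
        else:
            usable = [p for p in route_maps[rmap] if p in prefix_lists]
            findings[peer] = ("conditional on " + ",".join(usable)) if usable else "no usable condition"
    return findings
```

Anything other than "conditional on ..." deserves a manual look before the session goes to a dual-homed customer.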

The fix with a route-map does the job, but there are other options. We can use iBGP to transport the default route within AS 1. Assuming that we have a default route in IGP, the BGP default route will not be used for the default routing within the AS (normally, BGP routes have lower preference than the IGP ones). The default route from BGP will only be used for conditional generation of the default route for the customers. Hence, we inject the default route into BGP conditionally, depending on our upstream reachability.
The default route in BGP will come in even more handy if it is marked with a special BGP community, 1:0 for example. Like this:

! ::/0 is known via OSPF
R1#show ipv6 route ::/0
Routing entry for ::/0
  Known via "ospf 1", distance 110, metric 2, type inter area
  Backup from "bgp 1 [200]"
  [snip]
! BGP ::/0 originates from R2 (R2's configuration is not shown here for brevity)
R1#show bgp ipv6 unicast ::/0
BGP routing table entry for ::/0, version 16
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     4
  Local, (Received from a RR-client), (received & used)
    2001:DB8:2:: (metric 1) from 2001:DB8:2:: (2.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Community: 1:0

Please note the community 1:0. Now, instead of “default-originate route-map …”, we can use a simple route-map that matches the “default route” community:

ip bgp-community new-format
ip community-list standard Default permit 1:0
!
route-map OriginateDefault permit 10
 match community Default
!
router bgp 1
 address-family ipv6
  neighbor 2001:DB8:2::23:1 route-map OriginateDefault out
!

So it goes ;-).
And again, a great reference from Ivan’s blog:
Responsible Generation of BGP Default.


Being a JUNOS fan I feel the urge to juniperize the conditional default generation:

[edit policy-options prefix-list MyUpstream]
2001:db8:ffff::/128;
[edit policy-options policy-statement IfMyUpstreamIsReachable]
term LookForUpstream {
    from {
        rib inet6.0;
        prefix-list MyUpstream;
    }
    then accept;
}
term NoOther {
    then reject;
}
/* this conditionally generates the default to the routing table */
[edit routing-options]
rib inet6.0 {
    generate {
        route ::/0 {
            policy IfMyUpstreamIsReachable;
        }
    }
}

/* this matches the default route only */
[edit policy-options policy-statement OriginateDefault]
term DefaultRoute {
    from {
        route-filter ::/0 exact;
    }
    then {
        next-hop self;
        accept;
    }
}
term DenyOther {
    then reject;
}

[edit protocols bgp group Customers]
/* originate the default to customers */
export [...other policies...  OriginateDefault];
