BGP process removes the prefixes from the routing table because of next-hop resolution
failure. The delay for BGP to remove the prefixes because of next-hop resolution depends
on when BGP Scanner runs. This could result in a maximum delay of 60 seconds. The
regional border router will continue to advertise the default route into the region. Traffic
destined to the unavailable prefixes will follow the default route to the regional border
router, at which point that traffic will be discarded due to the next-hop information
continuing to point toward the failed upstream core router.
Administrative Control
The internal/external BGP architecture provides a very clean way to divide administrative
control. The eBGP sessions provide very clear delineation between the regions and the
core. Each region can easily administer its own portion of the network, with the core being
handled by a separate group of administrators. The core network is essentially a service
provider entity for the regional networks.
The boundaries for the BGP autonomous systems are concurrent with the boundaries for
the IGP processes. The regional IGP processes do not extend to the core routers; neither
does the core IGP process extend to the regional border routers. The lack of shared resources
between the regions and the core allows for a clean separation of administrative control.
The connections between the regional border routers and the core routers form a clear DMZ.
Routing Policy
This architecture is significantly different from the previous two architectures in that the
core network and the regional network are distinct entities. In the previous architectures,
the core network and regional networks were blended on the core routers.
The creation of this boundary allows for routing policy to be applied at the border of each
network. The core network has its set of prefixes, and the regional network has its own. In
the previous architectures, the core routers did not have this separation from their geographic
region because of the termination of the regional IGP on the core routers for route injection
into the BGP core.
In Figure 5-17, suppose the desired policy is to block AS 65103 from sending traffic to
10.2.0.0/16 and to block AS 65102 from sending traffic to 10.3.0.0/16. The core routers
R8 and R9 would be configured to block the advertisement of 10.2.0.0/16 via eBGP to
R10. The core routers R4 and R6 also need to be blocked from sending 10.3.0.0/16 to R5
and R7. Together, these filters prevent traffic flow in both directions. It is assumed that
the core routers do not advertise a default to the regional routers.
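The policy above, modeled as an added Python example (not from the book), shows why the two outbound filters stop traffic in both directions and why the no-default assumption matters. The prefix-to-AS mapping, the third region (10.1.0.0/16, AS 65101), and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the Figure 5-17 policy. Assumed (not stated on the page):
# 10.2.0.0/16 originates in AS 65102, 10.3.0.0/16 in AS 65103, and
# 10.1.0.0/16 / AS 65101 is an invented third region used as a control.
CORE_PREFIXES = {"10.1.0.0/16": 65101, "10.2.0.0/16": 65102, "10.3.0.0/16": 65103}

# Outbound eBGP deny filters on the core routers, keyed by the regional AS
# they face (R8/R9 toward R10, R4/R6 toward R5/R7 in the text).
OUTBOUND_DENY = {65103: ["10.2.0.0/16"], 65102: ["10.3.0.0/16"]}


def advertised_to(region_as, send_default=False):
    """Prefixes the core advertises to one region after outbound filtering."""
    denied = {ipaddress.ip_network(p) for p in OUTBOUND_DENY.get(region_as, [])}
    routes = [
        ipaddress.ip_network(p)
        for p, origin in CORE_PREFIXES.items()
        if origin != region_as and ipaddress.ip_network(p) not in denied
    ]
    if send_default:
        routes.append(ipaddress.ip_network("0.0.0.0/0"))
    return routes


def lookup(region_as, dst, send_default=False):
    """Longest-prefix match in the region's view; None means no route (drop)."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in advertised_to(region_as, send_default) if addr in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)


def can_exchange(as_a, host_a, as_b, host_b, send_default=False):
    """Two-way traffic needs a forward route and a return route."""
    return (lookup(as_a, host_b, send_default) is not None
            and lookup(as_b, host_a, send_default) is not None)


if __name__ == "__main__":
    print(lookup(65103, "10.2.1.1"))   # filtered prefix: no route in the region
    print(lookup(65103, "10.1.1.1"))   # unfiltered prefix still reachable
    print(can_exchange(65102, "10.2.1.1", 65103, "10.3.1.1"))
    # If the core also sent a default, the filtered destination would match it
    # and traffic would be forwarded to the core, which still holds the prefix.
    print(lookup(65103, "10.2.1.1", send_default=True))
```
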