In this design, the enterprise border routers are eBGP peered with their upstream providers.
There is a full iBGP mesh between all enterprise border routers and any other Layer 3
devices that might provide transit between the enterprise border routers. The amount of
prefix information received can vary from default information only to full tables. The
scenarios for receiving prefix information are the same as when a single enterprise border
router is used.
The most common schemes involve the use of partial routing information. This can mean
requesting partial routes from all upstream providers and using them in conjunction with
default routes, or requesting full tables and modifying the inbound filtering to achieve
reasonable load sharing. Ultimately, the method used depends on the specific goals of the
enterprise. The simplest method uses one link for primary connectivity and the other links
for purely backup connectivity. The most difficult task is achieving fairly even load sharing
over multiple links.
Route Filtering
The importance of properly filtering routing information cannot be stressed enough. This
section provides a short overview of the filtering you should use between the enterprise
border and the service provider.
Inbound Filtering
Two primary groups of prefixes should be filtered out of prefix information received from
the upstream providers—Martian address space and your own prefix information.
Martian address space is address space that should never be globally advertised. The
following is a list of Martian address spaces:
RFC 1918 addressing—RFC 1918, Address Allocation for Private Internets, specifies
private addressing. This addressing is intended for use in private networks. As a
result, many networks might use the same netblocks. This address space, including
10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, should never be advertised globally.
System local addressing—The 127.0.0.0/8 address space is reserved for use internal
to a system. For instance, the 127.0.0.1 address is often used as an internal system
address to simulate loopback functionality in hosts.
End node autoconfiguration block—The 169.254.0.0/16 network block is intended
for automatic address assignment when a DHCP server is unavailable.
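The inbound filter described above can be modeled as a prefix check. The following is an added example, not code from the original text: it rejects any received prefix that falls inside the Martian blocks listed so far or inside the enterprise's own address space. The function names, the sample prefixes, and the 203.0.113.0/24 "own" prefix are assumptions made for illustration.

```python
import ipaddress

# Martian blocks named in the list above (only the ones the text gives).
MARTIANS = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8",                                     # system local
    "169.254.0.0/16",                                  # autoconfiguration
)]

# Assumption: placeholder for the enterprise's own allocation
# (203.0.113.0/24 is a documentation range, not a real assignment).
OWN_PREFIXES = [ipaddress.IPv4Network("203.0.113.0/24")]


def inbound_verdict(prefix, own=OWN_PREFIXES):
    """Return (accept, reason) for one IPv4 prefix heard from an upstream."""
    try:
        net = ipaddress.IPv4Network(prefix)  # strict: host bits must be zero
    except ValueError:
        return False, "malformed prefix"
    # Reject a listed block and every more-specific route inside it. A
    # covering route such as 0.0.0.0/0 is not a subnet of any block and
    # passes, so default routes from the provider still work.
    for block in MARTIANS:
        if net.subnet_of(block):
            return False, f"martian: inside {block}"
    for mine in own:
        if net.subnet_of(mine):
            return False, f"own prefix: inside {mine}"
    return True, "accepted"


def filter_inbound(prefixes):
    """Split received prefixes into accepted and rejected-with-reason."""
    accepted, rejected = [], {}
    for p in prefixes:
        ok, reason = inbound_verdict(p)
        if ok:
            accepted.append(p)
        else:
            rejected[p] = reason
    return accepted, rejected


# Constructed sample of prefixes received from an upstream provider.
RECEIVED = ["0.0.0.0/0", "198.51.100.0/24", "10.20.0.0/16", "172.31.255.0/24",
            "172.32.0.0/16", "169.254.10.0/24", "203.0.113.128/25"]
```

Note the boundary case in the sample: 172.31.255.0/24 lies inside 172.16.0.0/12 and is rejected, while 172.32.0.0/16 lies just outside it and is accepted.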