Thursday, June 11, 2020

Prefer path with shorter prefix length

I'm being asked to look into a routing requirement that infuriates me. Trust me, I hate everything about what I'm going to ask. That being said, sometimes you have no other options, and I'd at least like to educate myself to see if there is technically a way.

We're interfacing with some BGP peers. Via one of the peers we receive a summary route (just call it 10.0.0.0/8) and via the other peer we receive a longer prefix (call it 10.1.0.0/24). The location where 10.1.0.0/24 is in use is actually reaching us via the peer that is advertising 10.0.0.0/8 to us, and because we follow sanity, we route it back via the peer that has the longer prefix length of 10.1.0.0/24. Yes, asymmetric routes, and we have stateful firewalls everywhere so it's obviously dropped as well.

My fix: "just advertise 10.1.0.0/24 to us from the peer advertising 10.0.0.0/8". However, I was told "nope sorry we won't do that because we have to make too many changes and it's a huge project."

So, now I'm scratching my head. Two different routes (10.0.0.0/8 and 10.1.0.0/24) are both received via BGP and in the RIB. 10.1.0.0/24 does have a longer AS-path, but obviously that doesn't matter because the routes themselves are different. So both get injected into the FIB, and when we go to route back to anything in 10.1.0.0/24 we obviously take the more specific/longer prefix length, which is to the peer that is advertising us 10.1.0.0/24.

If you had a gun to your head and you had to make this work, can anyone think of a way to route 10.1.0.0/24 traffic back to the peer that is advertising the shorter prefix length of 10.0.0.0/8 and fail over to the path that you are receiving 10.1.0.0/24 from?

I can actually come up with a use case where you might want to do this. Imagine the path between you and the peer advertising 10.1.0.0/24 is dial-up/very low bandwidth but the 10.0.0.0/8 is high bandwidth SD-WAN or something. You want to prefer the SD-WAN path but fail back to dial-up. Now, note I said SD-WAN and we all know SD-WAN can be vendor specific and break rules, but in this case I have no SD-WAN capability, just your normal routing RIB/FIB capabilities.

If you aren't just pure angry at this point, I'll take any suggestions :)
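
The forwarding behaviour described in the post, modelled as an added example (not part of the original post): best-path selection runs per prefix, so AS-path length never pits the /24 against the /8, and the FIB lookup then picks the longest match. The peer names and AS numbers are constructed, and AS-path length is the only tie-breaker modelled.

```python
import ipaddress

# Constructed sample data: peer names and AS numbers are illustrative only.
RIB = [
    # (prefix, peer, AS path)
    ("10.0.0.0/8", "peer_a", [65001]),
    ("10.1.0.0/24", "peer_b", [65002, 65010, 65020]),
]


def build_fib(rib):
    """Per-prefix best path: a route only competes with routes for the
    same prefix. AS-path length is the only tie-breaker modelled here."""
    fib = {}
    for prefix, peer, as_path in rib:
        net = ipaddress.ip_network(prefix)
        best = fib.get(net)
        if best is None or len(as_path) < len(best[1]):
            fib[net] = (peer, as_path)
    return fib


def lookup(fib, dst):
    """Longest-prefix match: the most specific covering prefix wins,
    whatever the BGP attributes of the less specific route are."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in fib if addr in net]
    if not matches:
        return None
    return fib[max(matches, key=lambda net: net.prefixlen)][0]


def return_path_check(ingress_peer, src, fib):
    """Compare the peer a flow arrived on with the peer the reply to
    its source address would leave on."""
    egress = lookup(fib, src)
    return "symmetric" if egress == ingress_peer else "asymmetric"


if __name__ == "__main__":
    fib = build_fib(RIB)
    # Flow from 10.1.0.5 arrives via peer_a, reply follows the /24.
    print(lookup(fib, "10.1.0.5"), return_path_check("peer_a", "10.1.0.5", fib))
    # Only when the /24 is withdrawn does the /8 carry that traffic.
    print(lookup(build_fib(RIB[:1]), "10.1.0.5"))
```

The second lookup shows the failover order that plain RIB/FIB behaviour gives: the /24 path is primary and the /8 is the fallback, the reverse of what the post is asking for.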


