Redistributing the whole IGP into BGP could leak unwanted information
into BGP. Such information could include private addresses or illegal
(unregistered) addresses that are supposed to be used only within the AS.
It could also include routes whose prefix length does not comply with the
provider's aggregation policies; a host route with a prefix length of 32
is an example. Careful filtering can prevent this.

Faulty information can also be injected into BGP because of the mutual
exchange of routes between BGP and the IGP. In the same way that an IGP
can be redistributed into BGP, BGP routes can be injected into an AS via
redistribution into the IGP. When redistribution occurs in both
directions, it is called mutual redistribution. In mutual redistribution,
information that was injected into the AS from the outside could be sent
back to the Internet as if it had originated from the AS. The figure
illustrates the danger of mutual redistribution between protocols.

In the figure, AS100 is the source of NetA and sends this information via
BGP to AS200. The border router RTC injects that information into the
IGP, and RTB learns about it. RTB is configured to redistribute the IGP
information into BGP. NetA ends up being advertised via BGP back to the
Internet as if it had originated from AS200. This is very misleading to
the ASs connected to the Internet because NetA now has two sources rather
than one source (AS100).

Again, to remedy this situation, special filtering should be put on the
border routers to specify which particular networks should be injected
from the IGP into BGP. Such filtering would have stopped NetA from being
redistributed back into BGP by RTB. For protocols that differentiate
between internal and external routes, such as OSPF, the administrator can
configure the protocol to ensure that it redistributes only internal
routes into BGP. (In the Cisco implementation, external OSPF routes are
automatically blocked from being redistributed into BGP; the administrator
has the option of overriding this behavior.) For protocols that do not
distinguish between internal and external routes, such as RIP or IGRP,
special route tagging should be performed to differentiate between
external routes and internal routes.
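
The filtering described above can be modelled as a pre-deployment audit of the routes a border router such as RTB would redistribute. This is an added example, not code from the original text: the prefixes, the tag value, the /24 length limit and every name in it are constructed assumptions, with 198.51.100.0/24 standing in for NetA.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy values for illustration (assumptions, not from the page).
MAX_PREFIX_LEN = 24      # longest prefix the provider's aggregation policy accepts
EXTERNAL_TAG = 100       # hypothetical tag set where BGP routes enter RIP/IGRP
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Networks AS200 really originates; only these may go from the IGP into BGP.
ALLOWED = {ipaddress.ip_network("203.0.113.0/24")}

@dataclass
class IgpRoute:
    prefix: str
    protocol: str            # "ospf", "rip" or "igrp"
    ospf_external: bool = False
    tag: int = 0

def verdict(route):
    """Return 'permit' or a 'deny: reason' string for IGP-to-BGP redistribution."""
    net = ipaddress.ip_network(route.prefix)
    if route.protocol == "ospf" and route.ospf_external:
        return "deny: OSPF external route"
    if route.protocol in ("rip", "igrp") and route.tag == EXTERNAL_TAG:
        return "deny: tagged as externally learned"
    if any(net.subnet_of(p) for p in PRIVATE):
        return "deny: private address"
    if net.prefixlen > MAX_PREFIX_LEN:
        return "deny: prefix too long"
    if net not in ALLOWED:
        return "deny: not an allowed network"
    return "permit"

# Constructed IGP table as RTB might see it; 198.51.100.0/24 stands in for NetA.
SAMPLE = [
    IgpRoute("203.0.113.0/24", "ospf"),
    IgpRoute("198.51.100.0/24", "ospf", ospf_external=True),
    IgpRoute("198.51.100.0/24", "rip", tag=EXTERNAL_TAG),
    IgpRoute("10.1.1.1/32", "ospf"),
    IgpRoute("203.0.113.7/32", "ospf"),
    IgpRoute("192.0.2.0/24", "rip"),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(f"{r.prefix:18} {r.protocol:5} -> {verdict(r)}")
```

Only the first sample route is permitted. The last one shows why the explicit list of allowed networks matters: an untagged RIP route carries no marker of external origin and is caught only because it is not a network the AS is meant to originate.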