Page MenuHomePhabricator
Create Task
Maniphest T350354

Do we need to generate aggregates for LVS service IP ranges?
Closed, ResolvedPublic
Actions

Description

Filing task as didn't find the reason in a search.

I notice we have configuration on our core routers to generate aggregate routes for our LVS service IP ranges based on the presence of host-routes annoucned by PyBal, for instance in esams:

set routing-options aggregate route 10.2.3.0/24
set routing-options aggregate route 185.15.59.224/27

I'm not 100% sure on the logic here? All the PyBal host routes are announced in BGP between core routers anyway, so these aggregates never get used. I can kind of see if a brand new LVS SVC IP is announced a remote router will already have the aggregate, and this may mean the service is reachable from the remote site a second or so earlier than if it had to wait to learn the specific host route, but overall I'm not sure it helps much.

Aside from these our aggregate routes are all public prefixes we wish to announce to peers, which seems to me to be the proper use of the aggregate config.

That said it causes zero problems having this in place, just something I happened to notice so thought I'd flag to be discussed.

Event Timeline

cmooney created this task.Nov 2 2023, 10:17 AM
cmooney triaged this task as Low priority.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 2 2023, 10:17 AM
cmooney renamed this task from Do we need to generate aggregates for LVS service IP ranges to Do we need to generate aggregates for LVS service IP ranges?.Nov 2 2023, 10:18 AM
ayounsi added a comment.Nov 7 2023, 1:33 PM

That predates me so the real reason might be lost or not valid anymore.

However I see that they're redistributed in OSPF:
set policy-options policy-statement ospf_export term statics from protocol aggregate

So it could be from a time where individual IPs were not propagated between sites overs BGP, or as a last hope catch all on a BGP failure?

We should look into that when we properly revisit/investigate our global WAN routing strategy.

BBlack subscribed.Nov 7 2023, 2:10 PM

I don't suspect it serves any real purpose at present, unless it was to avoid some filtering that exists elsewhere to avoid cross-site sharing of /32 routes or something.

My best guess would be something to do with the static fallback routes? I think those were set on the /28s within for the high-traffic1 and high-traffic2 sets?

cmooney closed this task as Resolved.Feb 22 2024, 6:18 PM
cmooney claimed this task.
In T350354#9312533, @BBlack wrote:

I don't suspect it serves any real purpose at present, unless it was to avoid some filtering that exists elsewhere to avoid cross-site sharing of /32 routes or something.

Yeah I think you're right, and doesn't look like there is any filtering.

My best guess would be something to do with the static fallback routes? I think those were set on the /28s within for the high-traffic1 and high-traffic2 sets?

Yeah probably added at some point to match those ranges.

In T350354#9312411, @ayounsi wrote:

However I see that they're redistributed in OSPF:

Yeah quite likely from a time when BGP was not announcing internal ranges fully or something.

We should look into that when we properly revisit/investigate our global WAN routing strategy.

Agreed. Sounds like nobody thinks they're needed but lets not touch anything until we're updating the wider strategy. Thanks for the input.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits