Re: [nsp] Accepting ips from outside our network.

From: Cliff Judge (cliff@broccoli.skycache.com)
Date: Thu Jun 15 2000 - 19:45:27 EDT


If you are not merely providing transit for this customer, if rather you
provide them services on your network, then I guess the situation does get
a little more complicated.

Remember that if they only had the one link to your network in the first
place, and it went down, they still would not be able to reach those
services. Sell them another connection! :)

You could conceivably allow your customer's networks through your border
filters, and then twiddle the BGP knobs such that traffic to your customer
would only transit through a peer if the customer's link went down, but I
would recommend against doing this unless you have sat down and assessed
the risks that this would pose to your network.

On Thu, 15 Jun 2000, Dale Hege wrote:

> So if the link between us and our customer goes down they will not be able
> to reach our network? Should we poke holes in the traffic filters to allow
> packets from our customer to enter through our transit providers?
>
> Thanks,
>
> -Dale
>
> On Thu, 15 Jun 2000, Cliff Judge wrote:
>
> > On Thu, 15 Jun 2000, Dale Hege wrote:
> >
> > >
> > > We have recently had one of our customers who currently has 4 /24s of ours
> > > want to run them with another service provider to have redundancy. We
> > > currently have filters in place to remove traffic & routes coming from
> > > the Internet onto our network from IPs that are within our network. Is
> > > this the right thing to do? We could poke holes in our filters but should
> > > we? Any advice or experience on this matter would be great.
> > >
> > >
> > > Thanks,
> > >
> > > -Dale
> >
> > Don't poke holes in your filters to allow advertisements of these /24's
> > from any AS other than your customer; traffic from your network will
> > prefer to transit the customer's other provider and he'll receive no
> > incoming traffic on the link from you. (YMMV depending on how you
> > aggregate your networks I suppose).
> >
> > What you SHOULD do, however, is allow your customer to announce these
> > /24s to you, and send those announcements on to your peers. I.e. don't
> > filter her advertisements. The Internet at large will (for the most part)
> > see two announcements for each of the /24's, and this will help them on
> > the quest for the elusive balanced load.
> >
> > -%
> > Cliff Judge Network Engineer
> > 301-598-0500 x2866 Cidera, Inc
> >
>

-%
Cliff Judge Network Engineer
301-598-0500 x2866 Cidera, Inc
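
An added illustration of the trade-off discussed in this thread, not part of any poster's message and not a router configuration: a simplified Python model of the border import filter and the resulting forwarding choice (longest prefix first, then local preference). The prefixes, session names and local-pref values are constructed assumptions.

```python
import ipaddress

OWN_SPACE = ipaddress.ip_network("10.20.0.0/16")  # constructed provider aggregate
CUST_24 = ipaddress.ip_network("10.20.4.0/24")    # constructed: one of the customer's /24s
LOCAL_PREF = {"internal": 300, "customer": 200, "transit": 100}  # assumed policy values

def import_routes(offers, holes=()):
    """Border import filter: a prefix inside OWN_SPACE heard on a transit
    session is dropped unless it is explicitly listed in `holes`."""
    rib = []
    for prefix, session in offers:
        if session == "transit" and prefix.subnet_of(OWN_SPACE) and prefix not in holes:
            continue
        rib.append({"prefix": prefix, "session": session,
                    "local_pref": LOCAL_PREF[session]})
    return rib

def exit_session(rib, dst):
    """Simplified forwarding decision: longest prefix, then highest local-pref."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in rib if addr in r["prefix"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["prefix"].prefixlen, r["local_pref"]))
    return best["session"]

AGG = (OWN_SPACE, "internal")
VIA_TRANSIT = (CUST_24, "transit")    # the /24 as heard back from the Internet
VIA_CUSTOMER = (CUST_24, "customer")  # the /24 as announced on the customer link
HOST = "10.20.4.9"                    # constructed host inside the customer /24

def scenarios():
    up, down = [AGG, VIA_TRANSIT, VIA_CUSTOMER], [AGG, VIA_TRANSIT]
    return {
        # Filter intact: the customer's own announcement carries the traffic.
        "intact_customer_up": exit_session(import_routes(up), HOST),
        # Filter intact, link down: only the aggregate is left, no outside path.
        "intact_customer_down": exit_session(import_routes(down), HOST),
        # Hole poked: local-pref keeps the customer link preferred while it is up.
        "hole_customer_up": exit_session(import_routes(up, holes=[CUST_24]), HOST),
        # Hole poked, link down: the transit-learned /24 beats the aggregate.
        "hole_customer_down": exit_session(import_routes(down, holes=[CUST_24]), HOST),
    }

if __name__ == "__main__":
    for name, session in scenarios().items():
        print(f"{name:22} -> {session}")
```
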



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:13 EDT