[c-nsp] BGP peer/customer routes

Vitkovsky, Adam avitkovsky at emea.att.com
Tue May 31 09:17:11 EDT 2011 

To me this appears as possible peering link abusing scenario
Where you can abuse the peering link and your peer's core-links and direct all your customers to access AS5 via the peering link and AS11 core-links :)

But jokes aside
Because there's no need to learn prefixes of your customer over the peering session
I believe the new customer questionnaire should query customers as to who they use as transit 
-and if one of the customer upstream ISPs happens to be your peer 
 than you should not advertise prefixes of the particular customer to that peer
-and also update your peer inbound filter with your customer prefixes/ASNs


but in reality...

adam
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of vince anton
Sent: Tuesday, May 31, 2011 12:57 PM
To: cisco-nsp
Subject: [c-nsp] BGP peer/customer routes

Hello everyone,

need some insight from the list as how to best approach a bgp routing/policy
issue, and whats generally done and considered good practise and good
policy.


I operate a transit AS (say AS10), and I have a customer (AS 5) who buys
transit from me.

I also peer with AS11 - no transit either way on this, just peering, ie
sending my networks to AS11, and receiving AS11's networks

Now AS5 also becomes a transit customer of AS11, and so on the peering link
with AS11, I now can see the IP Blocks of my customer AS 5

AS Path length, and Localpref sorts out most routing issues here, except for
the case where AS5 advertises a more specific route to AS11, than to me
(AS10).


So what happens now is that for this more specific customer prefix, I have a
specific route saying some AS5 nets are preferable via the peering link than
via the direct customer link,  and if I want to deliver transit traffic to
my customer, my router would choose the peering link.  This is not desirable
behaviour.


Is the solution here, filtering any customer prefixes from any other links
(ie filtering AS5 nets on link to AS11), or is there any other way of going
about this ?




Thanks,

anton
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list