Re: [nsp] BGP Multihoming -how to announce backup route???

From: Gert Doering (gert@greenie.muc.de)
Date: Fri Nov 23 2001 - 16:47:02 EST


Hi,

On Fri, Nov 23, 2001 at 10:23:26PM +0300, Bob's Lists wrote:
> > If I filter "no /24s in ARIN only-/20s-here blocks", I hit only those
> > people that think they can announce whatever they like
>
> No, you don't - which is all I was trying to tell you. I am not
> disagreeing that there is a considerable amount of fluff out there -
> but filtering per the ruleset above WILL lose you connectivity with
> some legitimately advertised routes.

You provide one example below, and see there for my response.

Still I haven't seen an example of multiple aggregateable (!) more-specifics
being legitimately announced to the whole world (and not just a subset of
upstreams), with the SAME AS PATH (!), and (this is also important!) the
aggregate NOT being announced?

If the aggregate IS announced, they could care less whether I filter the
/24s or not - if I filter, the packets will take the /20 route, and will
eventually hit one of their upstreams, who will know where the individual
/24s are. Think about it. Why does the whole world have to know the
more-specifics?

The scenario I mention is people doing this for traffic balancing over
multiple uplinks in the same region, or even to the same upstream ISP,
and not suppressing "leaking" of the more-specifics outside their
"region". I'm specifically not talking about geographically
diverse networks that just happen to belong to the same company
but do not really have "good" links in between (so they can't take
all traffic for one country in a different one).

> > > Where do you get off telling them they must announce it as a /20?
> >
> > I'm not doing that. I tell them "if you want to reach AS 5539 in future,
> > you'd better get your announcements aggregated".
>
> And the difference between this and telling them they must announce it
> as a /20 is?

I can't force them to do anything - and neither can they force me to take
their routes. So we could compromise on something: they announce their
aggregate and I accept their route. Which would be a decent compromise.

Their /24 announcements cost me REAL MONEY (I mentioned the upgrade
figures that had to be done solely due to RAM pressure already).

So a different compromise might be "if you want me to take your /24, I get
$10 per month per /24". Obviously, the people announcing crap would not
like that either (and handling would be just impractical).

> > So if you are one of the people that think there is a hard need to not
> > announce your aggregate and only announce all the more specifics - could
> > you elaborate on why this is so?
>
> I hesitate to compound an already somewhat OT thread but since you
> asked, I am multihomed under extreme circumstances which make it
> impossible for me to have only one common provider/route. I have 4
> outbound links, and five inbound links in three separate countries.
> Geographically and topologically it is *impossible* for me to
> aggregate (believe me, I wish I could), although I must say at least
> I can hold my head up and say I'm not so stupid as to simply advertise
> the whole /19 as /24's - I have aggregated as much as I can, and
> have 2 /24's the rest being a /21 and a couple of /22's and /23's.

You are obviously a very special case.

Nevertheless, you wouldn't lose much by announcing the /19 in addition to
the individual networks - in which case I can filter out all /24s and
still reach you just fine.

You're NOT the people I'm talking about, though - look at the example
posted yesterday or so, with a whole /19 being announced as /24, with all
of that with the very same AS path. The difference is "the very same AS
path" - which is obviously not the case in your situation.

On the other hand: it might make sense for you to use PA networks from
the respective upstream providers. But this is also not a solution for
everyone.

My goal is not to get rid of all /24s in the global table - this is not
possible, and there are many legitimate ones. But there are too many
that are just not needed.

> On the whole I think we do not disagree too much despite this thread
> - I simply think you are going in the wrong direction trying to force
> aggregated announcements on "all", when what you should be (and appear
> to be) doing, is educating those for whom it *is* possible to aggregate.

Now I have to turn the question around: how do I do this?

Talking to people is what I do all the time (see this thread :-) ) and it
doesn't really have much effect. So I try scaring people "hey, if you
don't aggregate, you won't see my small corner of the internet", and
subsequently explaining what this is all about. I'm not sure whether this
will work, but I hope it will.

(On the other hand, I *do* wish to reduce the load on our routers, and
filtering on allocation boundaries for network blocks from other
continents seems like a good start...).

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert@greenie.muc.de
fax: +49-89-35655025                        gert.doering@physik.tu-muenchen.de
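
Added example, not part of the original message: a Python sketch of the two checks argued over in this thread, namely what an allocation-boundary filter drops and whether the dropped prefixes stay reachable through an announced aggregate, plus a search for same-AS-path more-specifics that would collapse into an aggregate nobody announces. The block policy, prefixes, AS numbers and function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed policy: registry block -> longest prefix length accepted inside it.
BLOCKS = {ipaddress.ip_network("10.0.0.0/8"): 20}

# Constructed announcements (prefix, AS path); private addresses, documentation ASNs.
_raw = [(f"10.1.{i}.0/24", (64496, 64500)) for i in range(16)]  # a /20 as 16 /24s, no aggregate
_raw += [
    ("10.2.0.0/19", (64496, 64501)),   # aggregate announced ...
    ("10.2.0.0/21", (64497, 64501)),   # ... plus more-specifics on other paths
    ("10.2.8.0/24", (64498, 64501)),
]
ROUTES = [(ipaddress.ip_network(p), path) for p, path in _raw]

def apply_filter(routes, blocks=BLOCKS):
    """Keep only routes no longer than the allocation boundary of their block."""
    kept = []
    for net, path in routes:
        limits = [l for b, l in blocks.items() if net.subnet_of(b)]
        if not limits or net.prefixlen <= min(limits):
            kept.append((net, path))
    return kept

def reachable(net, accepted):
    """True if some accepted route covers the given prefix."""
    return any(net.subnet_of(a) for a, _ in accepted)

def aggregatable(routes):
    """Same-AS-path more-specifics that collapse into one unannounced aggregate."""
    by_path = defaultdict(list)
    for net, path in routes:
        by_path[path].append(net)
    announced = {net for net, _ in routes}
    found = []
    for path, nets in by_path.items():
        for agg in ipaddress.collapse_addresses(nets):
            parts = [n for n in nets if n.subnet_of(agg)]
            if len(parts) > 1 and agg not in announced:
                found.append((agg, path, len(parts)))
    return found

if __name__ == "__main__":
    accepted = apply_filter(ROUTES)
    for net, path in ROUTES:
        if (net, path) not in accepted:
            state = "still reachable" if reachable(net, accepted) else "LOST"
            print(f"filtered {net} via {path}: {state}")
    for agg, path, n in aggregatable(ROUTES):
        print(f"{n} more-specifics with path {path} could be announced as {agg}")
```
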



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:55 EDT