[c-nsp] BGP peer/customer routes

Gert Doering gert at greenie.muc.de
Wed Jun 1 03:59:15 EDT 2011


Hi,

On Wed, Jun 01, 2011 at 09:37:59AM +0200, Peter Rathlev wrote:
> On Wed, 2011-06-01 at 09:18 +0200, Gert Doering wrote:
> > If the customer is really creative, they announce the more specifics via
> > the peering link *only* (but not to "the world").  So all the traffic is
> > attracted by the aggregate from your upstreams into your AS, and there the 
> > packets get redirected by the more-specifics to the peering links.
> > 
> > So you pay for your upstreams, and your peer gets the money from the 
> > customer...
> 
> I can see why this specifically should not be allowed. :-)

Heh :-)

> But I'm thinking there are several reasons for a customer to deaggregate
> and create a scenario indistinguishable from this without talking to the
> customer.

Yes, sure.  Some cases might be accidental, some might be intended for
traffic engineering (and not considering all side effects), and some might
be outright malicious...

But in general, this is certainly a problematic scenario, and not trivially
solved (as your filters would need to "reject everything coming in from a
peer that is a more-specific from a route that you would currently announce
to the world", which is a highly dynamic thing...)

[..]
> > > What if I have a primary connection from AS11 and buy a backup
> > > connection (much lower bandwidth) from you, but another of your
> > > customers is the new Youtube? If you insist on sending traffic from them
> > > down the backup pipe I bought from you it wouldn't work. 
> > 
> > Different issue.  If it's "just the backup" (e.g. "use community to set
> > local-pref 70"), it won't be propagated world wide, and won't attract
> > costly upstream traffic.
> 
> In that case the ISP would prefer the peer link, which I assume has
> higher local preference. 

Yes, *but* the ISP would not announce the prefix to the world, so 
"no upstream costs".

> Or am I missing something? The result would be
> the same (traffic wise) as if the customer deaggregated towards the
> other ISP, i.e. OP scenario.

No, as the de-preffed customer prefix wouldn't be propagated.

> If ISP #1 somehow does not prefer the peer route (where the traffic
> would end up at a 100 Mbit/s circuit I have with the peer) and instead
> insists on sending it towards the 4 Mbit/s backup circuit I have with
> the ISP #1 then I as a customer would be in trouble if other customers
> of ISP #1 are ones I ask for a lot of traffic from.

That's why you need community settings to influence local-pref at ISP#1
if you want a "purely backup" circuit that is only ever used if all other
circuits are down...  (well, or mess with more-specifics).

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
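
The check described in the message above (flag anything coming in from a peer that is a more-specific of a route currently announced to the world), as an added example that is not part of the original post. The function name, the documentation prefixes and the AS numbers are constructed for illustration; in practice both inputs would be re-read from the live BGP tables on every run, since the announced set changes.

```python
import ipaddress

def covered_more_specifics(announced, peer_routes):
    """Return (peer, prefix, covering_aggregate) for each peer-learned route
    that is strictly more specific than a prefix announced to upstreams."""
    aggregates = [ipaddress.ip_network(p) for p in announced]
    hits = []
    for peer, prefix in peer_routes:
        net = ipaddress.ip_network(prefix)
        # Only a shorter prefix of the same address family can cover this route.
        covering = [a for a in aggregates
                    if a.version == net.version
                    and a.prefixlen < net.prefixlen
                    and net.subnet_of(a)]
        if covering:
            # Report the longest covering aggregate.
            best = max(covering, key=lambda a: a.prefixlen)
            hits.append((peer, str(net), str(best)))
    return hits

# Constructed sample: prefixes currently announced to upstreams ("the world").
ANNOUNCED = ["198.51.100.0/24", "2001:db8::/32"]

# Constructed sample: (peer, prefix) pairs learned over peering links.
PEER_ROUTES = [
    ("AS64500", "198.51.100.0/25"),    # more-specific of the aggregate
    ("AS64500", "198.51.100.128/25"),  # more-specific of the aggregate
    ("AS64501", "203.0.113.0/24"),     # unrelated prefix
    ("AS64500", "198.51.100.0/24"),    # same length, not a more-specific
    ("AS64501", "2001:db8:1::/48"),    # IPv6 more-specific
]

if __name__ == "__main__":
    for peer, prefix, aggregate in covered_more_specifics(ANNOUNCED, PEER_ROUTES):
        print(f"{peer}: {prefix} is covered by announced {aggregate}")
```

If the aggregate is not announced to the upstreams (the de-preffed backup case in the thread), the same peer routes produce no hits.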