[c-nsp] BGP peer/customer routes
Gert Doering
gert at greenie.muc.de
Wed Jun 1 03:59:15 EDT 2011
Hi,

On Wed, Jun 01, 2011 at 09:37:59AM +0200, Peter Rathlev wrote:
> On Wed, 2011-06-01 at 09:18 +0200, Gert Doering wrote:
> > If the customer is really creative, they announce the more specifics via
> > the peering link *only* (but not to "the world"). So all the traffic is
> > attracted by the aggregate from your upstreams into your AS, and there the
> > packets get redirected by the more-specifics to the peering links.
> >
> > So you pay for your upstreams, and your peer gets the money from the
> > customer...
>
> I can see why this specifically should not be allowed. :-)

Heh :-)

> But I'm thinking there are several reasons for a customer to deaggregate
> and create a scenario indistinguishable from this without talking to the
> customer.

Yes, sure. Some cases might be accidental, some might be intended for
traffic engineering (and not considering all side effects), and some might
be outright malicious...

But in general, this is certainly a problematic scenario, and not trivially
solved (as your filters would need to "reject everything coming in from a
peer that is a more-specific from a route that you would currently announce
to the world", which is a highly dynamic thing...)

[..]

> > > What if I have a primary connection from AS11 and buy a backup
> > > connection (much lower bandwidth) from you, but another of your
> > > customers is the new Youtube? If you insist on sending traffic from them
> > > down the backup pipe I bought from you it wouldn't work.
> >
> > Different issue. If it's "just the backup" (e.g. "use community to set
> > local-pref 70"), it won't be propagated world wide, and won't attract
> > costly upstream traffic.
>
> In that case the ISP would prefer the peer link, which I assume has
> higher local preference.

Yes, *but* the ISP would not announce the prefix to the world, so
"no upstream costs".

> Or am I missing something? The result would be
> the same (traffic wise) as if the customer deaggregated towards the
> other ISP, i.e. OP scenario.

No, as the de-preffed customer prefix wouldn't be propagated.

> If ISP #1 somehow does not prefer the peer route (where the traffic
> would end up at a 100 Mbit/s circuit I have with the peer) and instead
> insists on sending it towards the 4 Mbit/s backup circuit I have with
> the ISP #1 then I as a customer would be in trouble if other customers
> of ISP #1 are ones I ask for a lot of traffic from.

That's why you need community settings to influence local-pref at ISP#1
if you want a "purely backup" circuit that is only ever used if all other
circuits are down... (well, or mess with more-specifics).

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
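
The filter condition described in the message above ("reject everything coming in from a peer that is a more-specific from a route that you would currently announce to the world"), written out as an added example that is not part of the original post or any vendor's implementation. The function name, peer labels, and prefixes are assumptions; the prefixes and ASNs are constructed from documentation ranges.

```python
import ipaddress

def leaked_more_specifics(announced, peer_routes):
    """Flag peer-learned prefixes that are strictly more specific than a
    prefix we currently announce to upstreams.

    announced   -- prefix strings exported to upstreams right now
    peer_routes -- (peer_name, prefix) pairs received on peering sessions
    Returns a list of (peer_name, prefix, covering_announced_prefix).
    """
    nets = [ipaddress.ip_network(p) for p in announced]
    hits = []
    for peer, prefix in peer_routes:
        net = ipaddress.ip_network(prefix)
        covering = [a for a in nets
                    if a.version == net.version  # subnet_of() rejects mixed v4/v6
                    and a != net                 # same prefix: ordinary path choice
                    and net.subnet_of(a)]
        if covering:
            # Report the longest announced prefix that covers the peer route.
            best = max(covering, key=lambda a: a.prefixlen)
            hits.append((peer, prefix, str(best)))
    return hits

# Constructed sample data (documentation prefixes and ASNs, not from the thread).
ANNOUNCED = ["198.51.100.0/24", "2001:db8::/32"]
PEER_ROUTES = [
    ("peer-AS64500", "198.51.100.0/25"),    # more-specific of our aggregate
    ("peer-AS64500", "198.51.100.128/25"),  # more-specific of our aggregate
    ("peer-AS64500", "2001:db8:1::/48"),    # IPv6 more-specific
    ("peer-AS64501", "198.51.100.0/24"),    # same length, not flagged
    ("peer-AS64501", "203.0.113.0/24"),     # unrelated prefix
]

if __name__ == "__main__":
    for peer, prefix, agg in leaked_more_specifics(ANNOUNCED, PEER_ROUTES):
        print(f"reject {prefix} from {peer}: more-specific of announced {agg}")
    # The announced set is dynamic: once the IPv4 aggregate is no longer
    # exported, the same peer routes stop matching and the filter must follow.
    print(leaked_more_specifics(["2001:db8::/32"], PEER_ROUTES))
```

The result is only valid for the announced set passed in, so the check has to be re-evaluated whenever the set of routes exported to upstreams changes.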