[c-nsp] BGP peer/customer routes

Troy Beisigl troy at i2bnetworks.com
Tue May 31 11:17:51 EDT 2011


We ask customers who do bgp with us for their other asn's they peer with to make sure of this. We then don't allow their prefixes from a peer we don't want to push transit traffic over. I think most service providers are asking this question on their bgp forms these days. 

Troy Beisigl
Director, Network Engineering
I2B Networks Inc.

Sent from my iPad

On May 31, 2011, at 6:17 AM, "Vitkovsky, Adam" <avitkovsky at emea.att.com> wrote:

> To me this appears as possible peering link abusing scenario
> Where you can abuse the peering link and your peer's core-links and direct all your customers to access AS5 via the peering link and AS11 core-links :)
> 
> But jokes aside
> Because there's no need to learn prefixes of your customer over the peering session
> I believe the new customer questionnaire should query customers as to who they use as transit 
> -and if one of the customer upstream ISPs happens to be your peer 
> than you should not advertise prefixes of the particular customer to that peer
> -and also update your peer inbound filter with your customer prefixes/ASNs
> 
> 
> but in reality...
> 
> adam
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of vince anton
> Sent: Tuesday, May 31, 2011 12:57 PM
> To: cisco-nsp
> Subject: [c-nsp] BGP peer/customer routes
> 
> Hello everyone,
> 
> need some insight from the list as how to best approach a bgp routing/policy
> issue, and whats generally done and considered good practise and good
> policy.
> 
> 
> I operate a transit AS (say AS10), and I have a customer (AS 5) who buys
> transit from me.
> 
> I also peer with AS11 - no transit either way on this, just peering, ie
> sending my networks to AS11, and receiving AS11's networks
> 
> Now AS5 also becomes a transit customer of AS11, and so on the peering link
> with AS11, I now can see the IP Blocks of my customer AS 5
> 
> AS Path length, and Localpref sorts out most routing issues here, except for
> the case where AS5 advertises a more specific route to AS11, than to me
> (AS10).
> 
> 
> So what happens now is that for this more specific customer prefix, I have a
> specific route saying some AS5 nets are preferable via the peering link than
> via the direct customer link,  and if I want to deliver transit traffic to
> my customer, my router would choose the peering link.  This is not desirable
> behaviour.
> 
> 
> Is the solution here, filtering any customer prefixes from any other links
> (ie filtering AS5 nets on link to AS11), or is there any other way of going
> about this ?
> 
> 
> 
> 
> Thanks,
> 
> anton
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list