[c-nsp] Unicast as Anycast

"Rolf Hanßen" nsp at rhanssen.de
Mon Nov 25 11:24:52 EST 2013


Hi,

That could work: add the ARIN ASN to your RIPE AS-set.
Tell Level3 to use the object from RADB instead of RIPE and they should have
all networks then.

You can check what their prefixgen creates:
whois -h filtergen.level3.net RIPE::AS123

kind regards
Rolf

> Hi Gert
>
> I'd love to see my unicast network announced from Miami and Madrid :) !!
> But I have two different ASNs, I don't know if this is a problem.
> No load balancing and yes, I think I have a problem with objects and
> Level3. I don't know how Level3 in the US will open their filters for a
> RIPE /24.
>
> The /24 seems to be announced only from Spain (I searched through one of
> my carriers' looking glasses in Miami and the prefix is seen only from
> Spain).
>
> cheers!
>
>
>
>
> On Mon, Nov 25, 2013 at 3:33 PM, Gert Doering <gert at greenie.muc.de> wrote:
>
>> Hi,
>>
>> On Mon, Nov 25, 2013 at 02:06:30PM +0100, JJ wrote:
>> > I'm looking to make some tests with anycast (for DDoS mitigation). Has
>> > someone tried to achieve this with unicast IPs?
>> >
>> > You know it's not possible to get more IP assignments from RIPE, and after
>> > asking RIPE for anycast assignments, they told me we still could use
>> > unicast for this purpose.
>> > It sounds a bit weird to me... but I made a try and configured a /24 being
>> > announced in our AS (different ASN) in Miami and Madrid (Spain), then I just
>> > asked my carriers to open their filters and... it doesn't work.
>> >
>> > Have you ever tried a configuration like this? (and successful :) ), or,
>> > perhaps, am I trying the impossible?
>>
>> There are no "anycast" IPs in IPv4.  There are just unicast networks
>> announced from multiple places, and that works great :-)
>>
>> The "anycast" thing in the RIPE policies is "if you plan to do anycast
>> deployment, and have no existing addresses you can use for that, there
>> was a special policy to give out /24s from a well-known block for that
>> particular purpose".  It's still unicast IPs.
>>
>> If it's not working for you, you're likely missing route: objects (so your
>> announcements are getting filtered), or you're trying TCP traffic with
>> some loadbalancing in the mix, with half the packets going to the one
>> site and the other half going to the other site -> TCP won't work.
>>
>> gert
>> --
>> USENET is *not* the non-clickable part of WWW!
>>                                                            //
>> www.muc.de/~gert/
>> Gert Doering - Munich, Germany
>> gert at greenie.muc.de
>> fax: +49-89-35655025
>> gert at net.informatik.tu-muenchen.de
>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
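
Added example (not part of the original thread, and not Level3's filter generator): a simplified Python model of how a carrier prefix filter built from IRR data treats the case discussed above, one /24 originated from two ASNs. The as-set name AS-EXAMPLE, AS64500/AS64501 and 192.0.2.0/24 are constructed documentation values; matching on prefix plus origin and ignoring nested as-sets are assumptions of this sketch.

```python
# Simplified model of IRR-based prefix filter generation (added example).
# All RPSL objects below are constructed; ASNs and prefix are documentation values.
import ipaddress

IRR_BEFORE = """\
as-set:   AS-EXAMPLE
members:  AS64500

route:    192.0.2.0/24
origin:   AS64500
"""

# Constructed fix: second ASN added to the as-set, plus a route: object for it.
IRR_AFTER = IRR_BEFORE.replace("members:  AS64500", "members:  AS64500, AS64501") + """
route:    192.0.2.0/24
origin:   AS64501
"""

def parse_rpsl(text):
    """Split RPSL text into objects: a list of dicts of attribute -> [values]."""
    objects = []
    for block in text.strip().split("\n\n"):
        obj = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                obj.setdefault(key.strip().lower(), []).append(value.strip())
        objects.append(obj)
    return objects

def build_filter(text, as_set):
    """Return the (network, origin) pairs a filter built from as_set would permit."""
    objects = parse_rpsl(text)
    members = set()
    for obj in objects:
        if obj.get("as-set", [None])[0] == as_set:
            for value in obj.get("members", []):
                members.update(m.strip().upper() for m in value.split(",") if m.strip())
    # Only route: objects whose origin is a member of the as-set end up in the filter.
    return {(ipaddress.ip_network(o["route"][0]), o["origin"][0].upper())
            for o in objects if "route" in o and o["origin"][0].upper() in members}

def accepted(text, as_set, prefix, origin):
    """True if an announcement of prefix from origin matches the generated filter."""
    return (ipaddress.ip_network(prefix), origin.upper()) in build_filter(text, as_set)

if __name__ == "__main__":
    for label, irr in (("before", IRR_BEFORE), ("after", IRR_AFTER)):
        for origin in ("AS64500", "AS64501"):
            print(label, origin, accepted(irr, "AS-EXAMPLE", "192.0.2.0/24", origin))
```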



