more specific routes in today reality
Vladimir A. Jakovenko vovik at lucky.net
Tue Oct 9 16:30:34 CEST 2001
On Tue, Oct 09, 2001 at 03:23:30PM +0200, Gert Doering wrote: >Hi, > >On Tue, Oct 09, 2001 at 04:02:08PM +0300, Vladimir A. Jakovenko wrote: >> >> 1. Routes with more than one origin. >> > >> >No - the more specifics are announced by the customer AS *only* (and the >> >upstream AS that this blocks belongs to will permit them "through"). >> >> We are talking about different types of multihoming. I mean simple multihoming >> situation when all multihomed customer's needs in routing are covered by they >> upstream providers routing policies. In this situation more specific PA route >> can be originated by upstreams without allocation to customer new AS-num. >> Moreover, according to ripe-185: >> >> In order to help decrease global routing complexity, a new AS Number >> should be created only if a new routing policy is required. > >I didn't realize this, but I agree with Randy on this: without their >own AS number (and with them doing the BGP origination stuff and so >on), this isn't going to work anyway - if they do not want to do BGP, >then they should multi-home to the *same* ISP. Sorry, but this _is_ working with multi-homing on different ISPs: 1. They can build eBGP interoperation with their uplinks using private AS numbers. Uplinks can strip down private AS numbers from AS-path on uplink's AS boundaries ( Router(config)#router bgp YYYY Router(config-router)#nei X.X.X.X ? remove-private-AS Remove private AS number from outbound updates ). 2. They can build any kind of IGP with uplink. Each uplink redistribute they more specific network from appropriate IGP protocol to BGP. >[..] >> > - if one is filtering "no /24's", the end site is *still* be reachable, >> > which would not work with PI space. >> >> Disagree. During last time a number of routing curioses at least in our country >> have been caused by incorect announcements or filtering more specific routes >> within already announced less specific routes. If you want, I can describe some >> of the most common problems. PI addresses have its own set of problems, more >> specific PA addresses also have own set problems. This sets partly overlaps, >> but not same. And PA more specific isn't safer than PI. They just unsafe a bit >> more different. > >They will be much safer when people start filtering out "long prefixes". People have been filtering out "longer prefixes" for years. And /24 been (informal) longest _acceptable_ prefix for long time (just look at CIDR reports history). >Which will happen *soon*. One recomendation from one of our peers background: If you are going to filter prefixes based on prefix length _always_ filter it same on all sessions. Otherwise your chance to be affected by nasty routing loops will be very high. -- Regards, Vladimir.
[ lir-wg Archives ]