Communities

alex at yuriev.com
Mon Oct 15 20:14:37 UTC 2001


> Hypothetical example with real names:
> 
> Let's say that I have transit from 6347 and 2914.  Now let's say
> that I'm stupid, and start advertising routes that I learn from
> 2914 into 6347, and that 6347 isn't filtering my as-paths or
> netblocks.  [Note: 6347 does know better in the real world.]

Gee, this is already something that can easily be solved - route-maps are
your friends. The moment you do something like this you *will* get filtered.
 
> Now a customer ("Network X") of 6347 and 1239 will see 2914
> netblocks via
> 
> 	6347 19358 2914
> 	6347 { 701 | 1239 | 3561 } 2914
> 	1239 2914
> 
> assuming that:
> 
> + 1239/2914 directly connect
> + 6347/2914 do not directly connect
> + 6347 obtains transit to 2914 via 701, 1239, and 3561.
> 
> 6347 learns 2914 routes from 701; 1239; 3561; and (wrongly) me,
> 19358... then chooses a best route to redistribute.  Because 6347
> sells transit to me, they'll give my routes higher local-pref
> than their peers or upstreams.  Thus, for any 2914 netblock, I
> become the preferred egress from 6347.  Problem #1.

You are missing a few little things - if 6347 does not filter and you
redistribute 2914 routes to 6347, you will redistribute entire view of the
world from perspective of 2914, since 2914 is your upstream provider as
well. Since 6347 prefers your routes, you will become exit point for all
non-customer traffic of 6347, which is going to be immediately detected.

All of this of course is exercise in typing since everyone sane has some
knobs that they set to make sure that their customers do not blow up their
entire network.
 
> Now let's say that Network X uses local-pref to penalize
> 
> 	_1239_.*_2914
> 
> Network X sees:
> 
> 	6347 19358 2914
> 	1239 2914
> 
> Network X's local-pref policies in their route-maps makes the
> latter one undesirable.  Problem #2, and the [extreme] example
> in my prior post.
> 
> Some old-timers help me out:  IIRC, 3561 got blackholed in 1997
> by bad BGP from another well-known network... but I don't want
> to say more in case my memory is bad.

7007 problem was different. The issue was that 7007 redistributed EGP into
classful IGP, which got redistributed back into IGP, which of course broke
AS_PATH loop detection in addition to creating a set of higher specificity
routes.


Alex
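
Added example, not part of the original message or the thread: a small Python model of the scenario discussed above, showing how AS6347's customer local-pref makes the leaked path win and how a per-customer AS_PATH filter (the role the route-maps play) restores the path via an upstream. The local-pref values, the filter regex and the tie-break rule are assumptions made for illustration.

```python
"""Constructed model of the route leak discussed in this thread."""
import re

# Local-pref AS6347 assigns per neighbor relationship. The values are
# assumptions; the thread only says customer routes are preferred.
LOCAL_PREF = {"customer": 200, "upstream": 100}

# Constructed sample: routes for one AS2914 netblock as received by AS6347,
# as (neighbor AS, relationship, AS_PATH).
RECEIVED = [
    (19358, "customer", [19358, 2914]),  # leaked by the customer
    (701, "upstream", [701, 2914]),
    (1239, "upstream", [1239, 2914]),
    (3561, "upstream", [3561, 2914]),
]

# Hypothetical per-customer allow-list: only the customer's own AS,
# optionally prepended, may appear in paths learned from that customer.
CUSTOMER_ASPATH_FILTER = {19358: re.compile(r"19358( 19358)*")}


def accept(neighbor, rel, path, filtering):
    """Inbound policy: customer routes must match that customer's filter."""
    if rel != "customer" or not filtering:
        return True
    pattern = CUSTOMER_ASPATH_FILTER.get(neighbor)
    return bool(pattern and pattern.fullmatch(" ".join(map(str, path))))


def best_path(received, filtering):
    """Simplified decision process: highest local-pref, then shortest
    AS_PATH, then lowest neighbor AS (assumed tie-break)."""
    candidates = [r for r in received if accept(*r, filtering)]
    return min(candidates, key=lambda r: (-LOCAL_PREF[r[1]], len(r[2]), r[0]))


def exported_to_network_x(received, filtering):
    """AS_PATH that AS6347 announces to its customer Network X."""
    return [6347] + best_path(received, filtering)[2]


if __name__ == "__main__":
    for filtering in (False, True):
        path = exported_to_network_x(RECEIVED, filtering)
        print("filtering" if filtering else "no filtering", path)
```
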



