Murphy, Jay, DOH
Jay.Murphy at state.nm.us
Mon Jun 7 17:10:24 CDT 2010
Yes, the customer has an AS number, it's just from the private AS number block, e.g. AS 65000..when the block is routed to the AS running BGP, it is tagged with that ISP's public AS number, and announced to the world in this manner. OK, acknowledged. Clarify, "transiting"? Do you mean one ISP acts as a transit routing domain for another, or for traffic that "traverses" this particular ISP, which one?
IP Network Specialist
NM State Government
IT Services Division
PSB – IP Network Management Center
Santa Fé, New México 87505
"We move the information that moves your world."
“Good engineering demands that we understand what we’re doing and why, keep an open mind, and learn from experience.”
“Engineering is about finding the sweet spot between what's solvable and what isn't."
Please consider the environment before printing e-mail
From: Steve Bertrand [mailto:steve at ipv6canada.com]
Sent: Monday, June 07, 2010 4:00 PM
To: Murphy, Jay, DOH
Cc: Dale Cornman; nanog at nanog.org
Subject: Re: Strange practices?
On 2010.06.07 17:49, Murphy, Jay, DOH wrote:
> "Has anyone ever heard of a multi-homed enterprise not running bgp with
> either of 2 providers, but instead, each provider statically routes a block
> to their common customer and also each originates this block in BGP?â€
> As stated before...yes this is a common practice.
> "One of the ISP's in this case owns the block and has even provided a letter of
> authorization to the other, allowing them to announce it in BGP as well.â€
> Yes, one ISP owns the block, both will aggregate the blocks and announce the blocks to the global internet. BGP attributes will shape best path for routing; i.e., AS-PATH, ORIGIN, LOCAL PREF. MEDS should take care of "leaking" routes.
> So, is this design scheme viable? Yes, it is.
I understood the OP's question as one of concern. It sounds to me like
one of their ISPs can't/won't/doesn't know how to configure a
client-facing BGP session. I've run into this before, and it was due to
a lack of understanding/clue of how to peer with a multi-homed client
when the client didn't have their own ASN.
If that is the case, then I'd be concerned about situations where the
link goes down, but the advertisement is not removed from their
DFZ-facing sessions, possibly causing a black hole for traffic
transiting that ISP.
The work involved in co-ordinating two ISPs to detect and protect
against this type of situation is far more difficult than just
configuring BGP from the client out (imho).
Confidentiality Notice: This e-mail, including all attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited unless specifically provided under the New Mexico Inspection of Public Records Act. If you are not the intended recipient, please contact the sender and destroy all copies of this message. -- This email has been scanned by the Sybari - Antigen Email System.
More information about the NANOG