AGIS Route Flaps Interrupting its Peering?

Peter Kline, Sr. Network Engineer peter at
Fri Jul 5 17:39:53 UTC 1996

At 06:41 AM 7/5/96 +0100, Sean Doran wrote:
>| Since ANS seems to be passing our interface address as the
>| next-hop directly to some nets (e.g., Digex and Advantis), the failure
>| as I described above did lead to a loss of connectivity between AGIS
>| and at least Digex and Advantis.  Pending the solution of the MFS
>| problem, it would have been possible to work around the issue if the
>| affected nets had routed _through_ their transit provider.
>Let me reiterate the point that propagating third-party
>next-hops in the absence of guaranteed fate-sharing is EVIL,
>or at least very very risky.

I agree.

>My opinion is probably at one pole of the spectrum of ideas
>about NAPs and MAEs, however it's essentially this: do not 
>propagate other people's next-hops at all to your NAP/MAE peers,
>either using next-hop-self (or the equivalent) or announcing only 
>those prefixes for which you have yourself as a next-hop.  Moreover,
>one should be very cagey about accepting third-party next-hops
>from one's peers, and either refuse routes with such next-hops,
>or (with permission only), rewrite the next-hops in question,
>unless there is a very good reason to do otherwise.

AGIS always configures with next-hop-self, so that the only way we can
propagate a nonworking next-hop is if our own router is down.  I'm
considering seriously Sean's recommendation about vetting next hops from others.

>an issue.  However, this should not be the default behaviour
>at any exchange-point, because the AGIS/DIGEX disconnectivity
>is a well-known and formerly oft-seen problem.

If "well-known" means "the net is all a-twitter about it", then I agree.  If
"well-known" means "seen over a long period of time" then I disagree.  In
any case, as Sean now characterizes the problem as "formerly", he obviously
considers it fixed.  Further, as AGIS sees AS2548 directly at MAE-East, as
well as behind AS690 and AS1239_1800 (!), we'd have to be broken two or
three ways at each of 5 exchange points to completely lose connectivity to

>On another front, *weird* MAE and NAP setups have caused
>so much trouble that I sometimes wonder when the next time
>I get to say "I told you so" about multi-fabric-bridging-from-hell
>will be, and how bad it will hurt.

I'm afraid it will be all too soon.  LAN-based exchange points presuppose
that every router at the exchange point will want to talk to every other
router at the exchange point.  That deprives the router operator of some
meaningful control. 


Peter Kline  Senior Network Engineer|                    313-730-5151
AGIS - Internet Backbone Services   |                _Lucem Diffundo_
Post-Traumatic Success Disorder+    |
You can pretend to care, but you can't pretend to be there.

More information about the NANOG mailing list