Non-ISP companies multi-homing?
Alec H. Peterson
ahp at hilander.com
Fri Jul 25 13:07:32 UTC 1997
On Fri, Jul 25, 1997 at 09:01:13AM -0400, Gordon Mercer wrote:
>
> Don't think he did, Alec. Using communities would make it
> much easier to filter the routes to the customer than
> using confederation. I don't think there's any need to
> implement confederations here. Sounds like headaches I
> don't need. Communities would allow you to filter very
> specifically only routes coming from the router.
Well, comparing a 'real AS to a separate community' doesn't really
sound right to me. Replacing community with confederation would make
more sense, although I do see your point. However I believe JD's
point is that it isn't _necessary_ to get a separate ASN if you've got
a small downstream who doesn't care about having his AS visible to the
outside world.
>
> The real problem here is that the ISP with the EBGP
> session still depends on the ISP with the IBGP session to
> do things correctly, unless customer routes are filtered
> at a network level -- Something I've never liked doing,
> but always felt was necessary.
Unfortunately it is, as the AS7007 disaster illustrated all too
clearly.
>
> How can I have a setup that is flexible enough to satisfy
> my customer (and my workload) but safe for me?
MCI has a route registry that you send updates to just like the RADB
(the RADB and MCI RR actually exchange data). I believe MCI then
builds network-based access lists based on that database.
> I've had customers running OSPF with one of my routers that was
> redistributing OSPF into BGP, and it was probably one of the
> stupidest mistakes I've ever made.
NONONONONO! Speaking IGP with customers bad!
> Screwed me when some dumbass decided he could use whatever networks
> he wanted on the Sun they were running gated on.
Yep, there's the problem. BGP was designed to be an inter-domain
routing protocol, and should be used as such. Unfortunately we need
some sort of network-level control over what a customer sends
upstream. Implementing some sort of automated scheme (like the MCI RR
for example) is IMO the only scalable way of doing so.
Alec
--
+------------------------------------+--------------------------------------+
|Alec Peterson - ahp at hilander.com | Erols Internet Services, INC. |
|Network Engineer | Springfield, VA. |
+------------------------------------+--------------------------------------+
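
An added example, not part of the original message and not MCI's or the RADB's own tooling: a sketch of the registry-driven, network-level filtering the message describes, building a per-customer access list from route objects and rejecting anything a customer sends that is not registered to it. The registry text, AS numbers, prefixes, function names and the /24 length limit are all constructed assumptions.

```python
import ipaddress

# Constructed RPSL-style route objects (documentation prefixes, private-use ASNs).
REGISTRY = """\
route:   192.0.2.0/24
origin:  AS64512

route:   198.51.100.0/24
origin:  AS64512

route:   203.0.113.0/24
origin:  AS64513
"""

def parse_routes(text):
    """Return {origin_as: [ip_network, ...]} from RPSL-style route objects."""
    table = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs[key.strip().lower()] = value.strip()
        if "route" in attrs and "origin" in attrs:
            net = ipaddress.ip_network(attrs["route"], strict=True)
            table.setdefault(attrs["origin"].upper(), []).append(net)
    return table

def build_filter(table, customer_as, max_len=24):
    """Access-list entries for one customer: (prefix, longest accepted mask).

    max_len is an assumed policy knob: more-specifics of a registered
    route are accepted only up to this length.
    """
    return [(net, max(net.prefixlen, max_len)) for net in table.get(customer_as, [])]

def permitted(announcement, acl):
    """True if the prefix is inside a registered route and not too specific."""
    ann = ipaddress.ip_network(announcement, strict=True)
    return any(ann.subnet_of(net) and ann.prefixlen <= le for net, le in acl)

def check_session(announcements, acl):
    """Split what a customer sent into (accepted, rejected); default is reject."""
    accepted = [a for a in announcements if permitted(a, acl)]
    rejected = [a for a in announcements if a not in accepted]
    return accepted, rejected
```

Because the list is regenerated from the registry, a customer with no route objects gets an empty list and every announcement on that session is rejected.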