Non-ISP companies multi-homing?

Alec H. Peterson ahp at hilander.com
Fri Jul 25 13:07:32 UTC 1997


On Fri, Jul 25, 1997 at 09:01:13AM -0400, Gordon Mercer wrote:
> 
> Don't think he did, Alec. Using communities would make it  
> much easier to filter the routes to the customer than  
> using confederation. I don't think there's any need to  
> implement confederations here. Sounds like headaches I
> don't need. Communities would allow you to filter very  
> specifically only routes coming from the router.

Well, comparing a 'real AS to a separate community' doesn't really
sound right to me.  Replacing community with confederation would make
more sense, although I do see your point.  However I believe JD's
point is that it isn't _necessary_ to get a separate ASN if you've got
a small downstream who doesn't care about having his AS visible to the
outside world.

> 
> The real problem here is that the ISP with the EBGP  
> session still depends on the ISP with the IBGP session to  
> do things correctly, unless customer routes are filtered  
> at a network level -- Something I've never liked doing,  
> but always felt was necessary.

Unfortunately it is, as the AS7007 disaster illustrated all too
clearly.

> 
> How can I have a setup that is flexible enough to satisfy  
> my customer (and my workload) but safe for me? 

MCI has a route registry that you send updates to just like the RADB
(the RADB and MCI RR actually exchange data).  I believe MCI then
builds network-based access lists based on that database.

> I've had customers running OSPF with one of my routers that was
> redistributing OSPF into BGP, and it was probably one of the
> stupidest mistakes I've ever made.  

NONONONONO!  Speaking IGP with customers bad!

> Screwed me when some dumbass decided he could use whatever networks
> he wanted on the Sun they were running gated on.

Yep, there's the problem.  BGP was designed to be an inter-domain
routing protocol, and should be used as such.  Unfortunately we need
some sort of network-level control over what a customer sends
upstream.  Implementing some sort of automated scheme (like the MCI RR
for example) is IMO the only scalable way of doing so.

Alec

-- 
+------------------------------------+--------------------------------------+
|Alec Peterson - ahp at hilander.com    | Erols Internet Services, INC.        |
|Network Engineer                    | Springfield, VA.                     |
+------------------------------------+--------------------------------------+
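
Added example, not part of the original message and not code from MCI, the RADB or any poster: a sketch of the registry-driven, network-level filtering the message describes, where a customer's announcements are accepted only if they match routes the customer registered. The registry text format (`route:`/`origin:` attributes), the function names, and the documentation prefixes and AS numbers are assumptions constructed for illustration.

```python
import ipaddress

# Constructed route objects (documentation prefixes and ASNs, not real registry data).
SAMPLE_REGISTRY = """\
route:   192.0.2.0/24
descr:   Customer A LAN
origin:  AS64500

route:   198.51.100.0/24
descr:   Customer A servers
origin:  AS64500

route:   203.0.113.0/24
descr:   Customer B
origin:  AS64501
"""

def parse_route_objects(text):
    """Return {origin ASN: set of registered networks} from route objects."""
    registry = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs[key.strip().lower()] = value.strip()
        if "route" in attrs and "origin" in attrs:
            net = ipaddress.ip_network(attrs["route"], strict=True)
            registry.setdefault(attrs["origin"].upper(), set()).add(net)
    return registry

def filter_announcements(registry, customer_asn, announced):
    """Split a customer's announced prefixes into (accepted, rejected).

    Exact match only: a prefix is accepted only if the customer registered
    that same network, so more-specifics and unregistered space are dropped.
    """
    allowed = registry.get(customer_asn.upper(), set())
    accepted, rejected = [], []
    for prefix in announced:
        try:
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError:
            rejected.append(prefix)  # malformed, or host bits set
            continue
        (accepted if net in allowed else rejected).append(prefix)
    return accepted, rejected

if __name__ == "__main__":
    reg = parse_route_objects(SAMPLE_REGISTRY)
    # Constructed session: a registered route, a more-specific, another customer's net.
    print(filter_announcements(reg, "AS64500",
                               ["192.0.2.0/24", "192.0.2.128/25", "203.0.113.0/24"]))
```

Because the allowed set is rebuilt from the registry on each run, adding a customer route means updating the registry object rather than hand-editing an access list on the router.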


