/19 addresses and redundancy
phil at charon.milepost.com
Thu Nov 6 03:49:54 UTC 1997
Steve Camas writes...
> Are there ways around this?
Route filtering is not the end of the world.
Suppose your network and AS are connected between ISP-A and ISP-B. You
have a small /20 space from ISP-A. Now suppose ISP-C does filtering that
blocks your announcements from going over their network.
ISP-A will continue to announce the larger block that contains your small
block. Thus for your network there will be a choice of two routes. Where
both routes show up, _your_ route will be preferred because it is more
specific for your prefix. The rest of the large block will go some other
way. So the fact that ISP-A has an "umbrella announcement" over you will
have no effect on your announcements.
Within ISP-C, however, your announcement will be gone. But the "umbrella
announcement" will be there, directing your traffic out over ISP-C's best
route to ISP-A. You will _not_ be unreachable.
When your traffic from ISP-C going to ISP-A finally reaches a router that
has no filtering, then your own route will be seen. Depending on topology,
at that point the best route to you may still be ISP-B. Whichever it is
will now be the way your traffic goes. It could be ISP-B or ISP-A.
Now suppose you lose your T1 to ISP-B. Everything will come to you via
ISP-A because there is _your_ route as well as ISP-A's "umbrella route".
Now suppose ISP-B is working and you lose your T1 to ISP-A. Your routes
go out over ISP-B. The "umbrella route" will still come out to the world
from ISP-A, but that won't matter because _your_ more specific route will
be chosen anyway.
But what about places behind ISP-C's filter that don't see your route at
all? Your traffic will be guided out of ISP-C by ISP-A's "umbrella route"
alone, but once a router is reached that has both routes, then your more
specific route coming _only_ from ISP-B will be used, even if that router
belongs to ISP-A (e.g. ISP-C peered to ISP-A directly).
The scenario that will cause your network to be unreachable will be when
ISP-A's "umbrella route" is no longer available. The smallest scale of
failure would be the originating router being down. And this will only
affect locations behind ISP-C's filters. Other places still see your
routes via ISP-B.
Your problem, Steve, is that your current ISP is ISP-C. They are a route
filtering ISP. You need to either make sure they let your announcements
out to the world at all of their peers (and getting this right may be a
very difficult chore for these large bureaucratically driven companies)
or choose ISPs that don't filter.
You also need to make sure that the ISPs do not filter routes for parts
of their own blocks coming in from other peers. If ISP-A did such filtering,
then their own customers will find you unreachable, as well as those in ISP-C
if ISP-C sends traffic for you into ISP-A.
I know of no ISPs doing such a thing, but I actually discussed this with
an engineer at MCI and verified that they indeed take announcements for
their own networks back in over peers, so if you had MCI address space
and your only working link was to another ISP, MCI will route to you via
that ISP. I'm sure most others will, too, if they don't filter your route
on the basis of your prefix size. That's why staying on Sprint can be a
problem if you want to multi-home with a network smaller than a /19.
Phil Howard | Is your website up right now?
KA9WGN | If you subscribed to Red Alert you'd know for sure
phil at milepost dot com | http://www.redalert.com/
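
The longest-prefix-match behaviour walked through in the message above, as an added example that is not part of the original post. The prefixes (10.0.0.0/16 as ISP-A's umbrella, 10.0.16.0/20 as the customer block), the one-router-per-ISP topology, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed prefixes (not from the original post).
UMBRELLA = ipaddress.ip_network("10.0.0.0/16")   # ISP-A's aggregate
SPECIFIC = ipaddress.ip_network("10.0.16.0/20")  # customer block inside it
HOST = ipaddress.ip_address("10.0.17.1")         # a host in the customer block


def build_tables(link_a=True, link_b=True, umbrella=True):
    """Return {router: {prefix: next_hop}} for one failure scenario."""
    a, b, c = {}, {}, {}
    if umbrella:
        a[UMBRELLA] = "DROP"   # aggregate at its origin: delivers nothing by itself
        b[UMBRELLA] = "ISP-A"
        c[UMBRELLA] = "ISP-A"
    # ISP-A and ISP-B accept the /20, directly or back in over the peer.
    if link_a:
        a[SPECIFIC] = "CUST"
    elif link_b:
        a[SPECIFIC] = "ISP-B"
    if link_b:
        b[SPECIFIC] = "CUST"
    elif link_a:
        b[SPECIFIC] = "ISP-A"
    # ISP-C filters on prefix length, so the /20 never enters its table.
    return {"ISP-A": a, "ISP-B": b, "ISP-C": c}


def lookup(table, dst):
    """Longest-prefix match: the most specific covering prefix wins."""
    matches = [p for p in table if dst in p]
    if not matches:
        return None
    return table[max(matches, key=lambda p: p.prefixlen)]


def trace(tables, start, dst=HOST, max_hops=8):
    """Follow next hops from `start` until delivery, drop, or hop limit."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop in (None, "DROP"):
            return path + ["unreachable"]
        path.append(hop)
        if hop == "CUST":
            return path
        node = hop
    return path + ["loop"]
```

Calling `trace(build_tables(link_a=False), "ISP-C")` shows traffic leaving ISP-C on the umbrella route and being handed to ISP-B once it reaches a router holding the /20; `build_tables(umbrella=False)` reproduces the one case where sources behind the filter lose reachability.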