BGP advertisements of peering points

Alex Bligh amb at gxn.net
Tue Mar 30 20:49:43 UTC 1999


Andy,

andym at ntt.net said:
> I've noticed some ISPs (BBN (*ahem* GTE), UUNET and Verio
> specifically) are advertising the PAIX peering network (198.32.176.0)
> as originating from their AS. 
>
> Is this a common practice for all ISPs, or just enough to make the IX 
> reachable

Normally this is up to the exchange point. Several, like LINX in the
UK, have their own AS to correctly originate this. Announcing the
DMZ unilaterally is not good practice. This often causes problems
for some people with "unprotected" networks who carry around the
next hop of routes external to their AS as the address on the DMZ
and expect the DMZ route to be carried in their IGP, as if they
accept a BGP route for the DMZ it will often have a better administrative
weight and they will send traffic to the advertiser/leaker. Sane
people protect their networks with inbound BGP filters. Many sane
people also carry around loopback addresses only internally rather
than DMZs over whose announcement they have little control (on
Cisco's set next-hop-self on iBGP peerings - there is little reason
not to).

IMHO the exchange point originating the DMZ in their own AS with defined
transit arrangements for this AS *is* good practice. Others' religions
may vary.

-- 
Alex Bligh
GX Networks (formerly Xara Networks)
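
The failure mode described in the message above, modelled as an added example that is not part of the original post: a border router that is not on the exchange learns the DMZ prefix both from its own IGP and from an eBGP neighbour that leaks it, and an inbound filter is what keeps peer next hops resolving internally. The /24 mask, the neighbour names and AS64500 are constructed assumptions; the distances are Cisco's defaults, and the filter also catches more-specific leaks, which goes slightly beyond the case in the post.

```python
import ipaddress

# Cisco default administrative distances (lower wins for the same prefix).
AD = {"connected": 0, "ebgp": 20, "ospf": 110, "ibgp": 200}
IX_DMZ = ipaddress.ip_network("198.32.176.0/24")  # mask is an assumption; the post gives none

def inbound_filter(routes, protect_dmz):
    """Drop eBGP routes for the exchange DMZ, or any more specific, when protect_dmz is set."""
    return [r for r in routes
            if not (protect_dmz and r["proto"] == "ebgp"
                    and ipaddress.ip_network(r["prefix"]).subnet_of(IX_DMZ))]

def build_rib(routes):
    """Keep, per prefix, the candidate with the lowest administrative distance."""
    rib = {}
    for r in routes:
        net = ipaddress.ip_network(r["prefix"])
        if net not in rib or AD[r["proto"]] < AD[rib[net]["proto"]]:
            rib[net] = r
    return rib

def resolve(rib, addr):
    """Longest-prefix match for addr; returns the neighbour the traffic is handed to."""
    ip = ipaddress.ip_address(addr)
    matches = [n for n in rib if ip in n]
    return rib[max(matches, key=lambda n: n.prefixlen)]["via"] if matches else None

def forward_to_peer(protect_dmz, leaked="198.32.176.0/24"):
    """Where does this router send traffic whose BGP next hop is a peer's DMZ address?"""
    # Constructed candidate routes on a border router that is not on the exchange.
    candidates = [
        {"prefix": "198.32.176.0/24", "proto": "ospf", "via": "own-ix-router"},
        {"prefix": leaked, "proto": "ebgp", "via": "transit-AS64500"},
    ]
    rib = build_rib(inbound_filter(candidates, protect_dmz))
    # 198.32.176.20 stands in for a peer's address on the DMZ (constructed).
    return resolve(rib, "198.32.176.20")

if __name__ == "__main__":
    for protect in (False, True):
        print("inbound filter:", protect, "->", forward_to_peer(protect))
```

Carrying loopbacks with next-hop-self on iBGP, as the message suggests, removes the dependency on the DMZ route altogether, so the recursive lookup never touches 198.32.176.0.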