Ettiquette and rules regarding Hijacked ASN's or IP space?
Jack Bates
jbates at brightok.net
Mon Jun 9 20:52:36 UTC 2003
Andy Dills wrote:
>
> What sorts of 'unique' routing policies justify an ASN?
>
ISP has a corporate customer that decides to multi-home. While ISP is
not multi-homed themselves, they must have an ASN to speak BGP and pass
routing information between their corporate customer and their provider.
So an ISP may not quite fit the bill. Imagine a holding company that
oversees a bunch of companies with independant networks, yet they all
meet up at the holding company's network. For ease of maintenance
between the companies (let's say there's 10 of them), they run BGP with
private ASNs and the holding company default routes to their provider.
Company X decides that they have a more network sensitive application
which requires extra redundancy. They bring up a circuit to another
network, get an ASN (as they are multi-homed now). In order for this to
work, the Holding company must run an ASN and speak bgp to it's provider
(and confederates are our friend).
I'm sure there are weirder routing policies, and some may even qualify
for an ASN and BGP without any section of the network or it's
downstreams being multi-homed. In some cases, it may be convenience or
security.
For example. In the above senario, what if some of the real IP addresses
held by a few of the companies should only be routed between the
companies and not out to the public Internet. In such a senario, one
could say that packet filtering is adequate, although not routing the
netblock to begin with would definately be more secure (and fall under a
routing policy requiring BGP in a non-multi-homed senario). With the
holding company running BGP to it's provider, which netblocks get routed
to the public and which go to companies X, Y, and Z only is trival. The
RiR's do not dictate what proper routing policy is. They manage the
assignments. Obviously, if all the companies fit within a /22, there
might be some complaints. If the companies had a /18+ of address space,
there might be just cause to allow them to do BGP and thus have an ASN,
even with a single peer.
-Jack
More information about the NANOG
mailing list