Regional AS model

Jeff Wheeler jsw at
Mon Mar 28 17:37:31 CDT 2011

On Mon, Mar 28, 2011 at 5:40 PM, Owen DeLong <owen at> wrote:
> I agree that allowas-in is not as bad as default, but, I still think that having one AS per routing policy makes a hell of a
> lot more sense and there's really not much downside to having an ASN for each independent site.

Well, let's say I'm a a medium/large transit network like Hurricane
Electric, with a few far-flung POPs that have "backup transit."  I've
got a POP in Miami, Minneapolis, or Toronto which has single points of
backbone failure, e.g. one circuit/linecard/etc might go down, while
the routers at the POP remain functional, and the routers in the rest
of the network remain functional.  What happens?

1) with allowas-in your remote POP will still learn your customers'
routes by any transit you might have in place there
2) with default route toward transit (breaking uRPF) you would not
learn the routes but still be able to reach everything
3) with neither of these solutions, your single-homed customers at the
broken POP could not reach single-homed customers elsewhere on your
backbone, even if you have "backup transit" in place.

I'm not bashing on HE for possibly having a SPOF in backbone
connectivity to a remote POP.  I'm asking why you don't choose to use
a different ASN for these remote POPs.  After all, you prefer that
solution over allowas-in or default routes.

Oh, that's right, sometimes you have a business and/or technical need
to operate a single global AS.  Vendors have given us the necessary
knobs to make this work right.  There's nothing wrong with using them,
except in your mind.

Should every organization with a backbone that has an SPOF grab some
more ASNs?  No.  Should every organization with multiple distinct
networks and no backbone use a different ASN per distinct network?
IMO the answer is probably yes, but I am not going to say it's always

I'll agree with you in a general sense, but if your hard-and-fast rule
is that every distinct network should be its own ASN, you had better
start thinking about operational failure modes.  Alternatively, you
could allow for the possibility that allowas-in has plenty of
legitimate application.

Jeff S Wheeler <jsw at>
Sr Network Operator  /  Innovative Network Concepts

More information about the NANOG mailing list