question about AS relationship
Mark Tinka
mark.tinka at seacom.mu
Fri Feb 21 09:13:20 UTC 2014
On Friday, February 21, 2014 08:57:07 AM Song Li wrote:
> the AS relationship between AS1 and AS2/3 is peer, and
> AS1 cannot announce routes from AS3 to provider1 by
> rule.
Or even Peer-AS2's routes to Peer-AS3 (and vice versa), in
general best practice filtering rules, unless transit is
requested.
> But if AS1 do it, and the realtionship between AS1
> and AS3 is invisible to provider1, how can provider1
> detect this route leak without knowing the privacy?
Provider-1 wouldn't care whether it's a route leak or not.
In Provider-1's mind, Peer-AS3 could (suddenly) be a
customer of AS1. And since AS1 is a customer of Provider-1,
Provider-1 will be happy to move those packets along as it
represents more revenue for Provider-1 (more so if traffic
is sold on a 95th percentile or volume utilization basis).
It is, really, up to AS3 to detect that AS1 has leaked its
routes (or paths, to be precise) to Provider-1, and then
pick up the phone and scream at AS1 to get that leak fixed
plugged.
Of course, all of this is a moot point if Provider-1 is a
good provider and makes sure they only accept routes and
paths from AS3 that AS3 should be sending to Provider-1 in
the first place. But as we know, some providers are a bit
(actually, very) lazy here.
> In other words, could the business relationship between
> AS1 and AS3 be known to provider1/2?
Not really (or not that easily, to be specific).
With enough time and access to several looking glasses and
public route servers, one could "infer" (to a certain degree
of error) business relationships between peering
relationships, i.e., whether they relationships are
customer, peer or provider.
But in your particular case, unless AS3 has a direct
connection toward Provider-1/2 (where a route leak would
introduce more problems), Provider-1/2 don't really care
about whether this is a leak or not from AS1.
But again, this whole discussion is mooted if Provider-1/2
do proper background checks and filtering before they turn-
up the service for AS1.
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140221/39645170/attachment.sig>
More information about the NANOG
mailing list