"Tactical" /24 announcements

William Herrin bill at herrin.us
Mon Aug 16 16:05:53 UTC 2021

On Mon, Aug 16, 2021 at 7:10 AM Jason Pope <boards188 at gmail.com> wrote:
> >On Thu, Aug 12, 2021 at 9:41 AM Hank Nussbacher <hank at interall.co.il> wrote:
> >> How does this break the Internet?
> >
> >A originates to paid transit C
> >B originates also to paid transit C
> >C offers both routes to D. D discards from the RIB based
> >on same-next-hop
> >You peer with A and D. You receive only since A doesn't
> >originate and D has discarded it.
> >You send packets for to A (the shortest path for
> >, stealing A's paid transit to C to get to B.
> >Unless A filters C-bound packets purportedly from B
> >doesn't currently transit for A so from B's perspective that's not an
> >allowed path. In which case, your path to is black holed.
> >
> >D broke the Internet. If packets from you reach A at all, they do so
> >through an unpermitted path.
> Ok, I apologize, but I have some dumb questions (because I don't BGP anymore):
> 1) I assume in the scenario that A "owns" (ARIN assignment) and if B has a /24 assignment out of the block that A "owns", shouldn't that mean that B has a business relationship with A and some kind of direct connectivity to A?

Hi Jason,

Not necessarily. It isn't modern practice but as others have pointed
out there have been instances where a customer took an ISP-assigned
block with them when they left.

> 3) If "yes", then the connectivity wouldn't be broken, right?

Not necessarily. You have to consider the route in -all- of the states
it can be in, including the one where they're not, at this moment,
successfully connected to the ISP which assigned the addresses. I
offered a scenario in a prior post where the ISP's peering router
carries only locally-originated and customer routes. When the customer
loses their connection to the ISP (e.g. cable cut) their route
disappears from the peering router. The users of the ISP can still
reach it via the origin's alternate Internet connection.

Reciprocal peers of the ISP can also reach it via the broader Internet
but can't reach it via the peering connection to the ISP to whom the
origin is not currently connected. If they filter the Internet route,
the path ends up going to the ISP's peering router where it's black

Bill Herrin

William Herrin
bill at herrin.us

More information about the NANOG mailing list