BCP38 For BGP Customers

• Previous message (by thread): BCP38 For BGP Customers
• Next message (by thread): BCP38 For BGP Customers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 7, 2022 at 12:30 PM Tony Wicks <tony at wicks.co.nz> wrote:
> use prefix lists to prevent your customer networks being received
> anywhere but directly from your customers to prevent them using
> your capacity without paying for it however.

Hi Tony,

Do not do this either as it will render your entire network
unreachable to your customer during an outage of their direct circuit.
Multihomed means you may legitimately receive their prefix
announcement from both their direct link and from your upstream
transit provider.

You CAN, tag announcements received directly from your customers with
a BGP community and then filter routes without that tag when offering
the announcement to your upstream transits. That will have the effect
you're looking for - preventing inappropriate free transit. This is
rarely necessary - unless your network is unusually complex the
additional AS path length of a rebroadcast announcement will generally
prevent such transrouting.

The problem tends to creep in when you have both reciprocal peers and
customers and then a customer's route announcement appears via the
peer. You have to make sure the announcement from the peer is neither
capable of being rebroadcast upstream nor capable of beating the
direct announcement when the direct announcement is present. That
takes some subtle work with BGP communities and route filtering. How
subtle? The routes from the peer may be more specific than the direct
routes.

Regards,
Bill Herrin




-- 
For hire. https://bill.herrin.us/resume/

• Previous message (by thread): BCP38 For BGP Customers
• Next message (by thread): BCP38 For BGP Customers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]