nanog mailing list archives

Re: Communities


From: alex () yuriev com
Date: Mon, 15 Oct 2001 16:14:37 -0400 (EDT)


Hypothetical example with real names:

Let's say that I have transit from 6347 and 2914.  Now let's say
that I'm stupid, and start advertising routes that I learn from
2914 into 6347, and that 6347 isn't filtering my as-paths or
netblocks.  [Note: 6347 does know better in the real world.]

Gee, this is already something that can easily be solved - route-maps are
your friends. The moment you do something like this you *will* get filtered.
 
Now a customer ("Network X") of 6347 and 1239 will see 2914
netblocks via

      6347 19358 2914
      6347 { 701 | 1239 | 3561 } 2914
      1239 2914

assuming that:

+ 1239/2914 directly connect
+ 6347/2914 do not directly connect
+ 6347 obtains transit to 2914 via 701, 1239, and 3561.

6347 learns 2914 routes from 701; 1239; 3561; and (wrongly) me,
19358... then chooses a best route to redistribute.  Because 6347
sells transit to me, they'll give my routes higher local-pref
than their peers or upstreams.  Thus, for any 2914 netblock, I
become the preferred egress from 6347.  Problem #1.

You are missing a few little things - if 6347 does not filter and you
redistribute 2914 routes to 6347, you will redistribute entire view of the
world from perspective of 2914, since 2914 is your upstream provider as
well. Since 6347 prefers your routes, you will become exit point for all
non-customer traffic of 6347, which is going to be immediately detected.

All of this of course is exercise in typing since everyone sane has some
knobs that they set to make sure that their customers do not blow up their
entire network.
 
Now let's say that Network X uses local-pref to penalize

      _1239_.*_2914

Network X sees:

      6347 19358 2914
      1239 2914

Network X's local-pref policies in their route-maps make the
latter one undesirable.  Problem #2, and the [extreme] example
in my prior post.

Some old-timers help me out:  IIRC, 3561 got blackholed in 1997
by bad BGP from another well-known network... but I don't want
to say more in case my memory is bad.

7007 problem was different. The issue was that 7007 redistributed EGP into
classful IGP, which got redistributed back into IGP, which of course broke
AS_PATH loop detection in addition to creating a set of higher specificity
routes.


Alex
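
The local-pref effect and the customer-session filtering discussed in this message, as an added example that is not part of the original post: a small model of how AS6347 would pick its egress for one AS2914 netblock, with and without an AS-path filter on the customer session. The AS numbers are from the thread; the local-pref values, the allow-list and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

CUSTOMER_LP, OTHER_LP = 200, 100        # assumed local-pref values inside AS6347
CUSTOMER_ALLOWED = {19358: {19358}}     # assumed allow-list: ASNs a customer may send

@dataclass(frozen=True)
class Route:
    neighbor: int          # AS the route was learned from
    as_path: tuple         # AS path as received, neighbor first
    from_customer: bool    # learned on a customer session?

# Constructed sample: what AS6347 hears for a single AS2914 netblock.
ROUTES_TO_2914 = [
    Route(701, (701, 2914), False),
    Route(1239, (1239, 2914), False),
    Route(3561, (3561, 2914), False),
    Route(19358, (19358, 2914), True),  # the leaked route from the customer
]

def accept(route, filtering):
    """Customer-session AS-path filter: every ASN must be on the allow-list."""
    if not filtering or not route.from_customer:
        return True
    allowed = CUSTOMER_ALLOWED.get(route.neighbor, set())
    return all(asn in allowed for asn in route.as_path)

def best(routes, filtering):
    """Highest local-pref first, then shortest AS path."""
    candidates = [r for r in routes if accept(r, filtering)]
    return max(
        candidates,
        key=lambda r: (CUSTOMER_LP if r.from_customer else OTHER_LP,
                       -len(r.as_path)),
    )

def egress(filtering):
    """Neighbor AS that AS6347 sends traffic for the netblock to."""
    return best(ROUTES_TO_2914, filtering).neighbor

def advertised_path(filtering):
    """AS path that a customer of AS6347 (Network X) would receive."""
    return (6347,) + best(ROUTES_TO_2914, filtering).as_path

if __name__ == "__main__":
    for filtering in (False, True):
        print("filtering" if filtering else "no filtering",
              "-> egress AS", egress(filtering),
              "path", advertised_path(filtering))
```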

