Firewall Wizards mailing list archives
Re: dual ISP connections
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Wed, 5 Jul 2006 15:18:51 +0200
Hello!
The outgoing is not so hard with BGP. The incomming traffic is the interesting thing.
True.
You can pre-pend some AS info to one of your ISPs, but sometimes the balancing is complete unbalanced. Also you can split your IP space to try to balance some traffic.
Splitting your IP space into smaller pieces is strongly discouraged. You are cluttering the default free zone with multiple prefixes where one would be sufficient and your announcements may even be filtered and blocked. E.g. in the RIPE area the smallest PA allocation is a /20. There are ISPs who assume that any longer prefix out of the RIPE address range is a bogus announcement. Reasonable upstreams provide community attributes to prepend when announcing to certain big players. E.g. one of our upstreams: $ whois -r AS12306 ... remarks: C o m m u n i t y D e f i n i t i o n s remarks: remarks: 12306:1000 do not announce at the DE-CIX remarks: 12306:1011 single prepend when announcing at the DE-CIX remarks: 12306:1012 double prepend when announcing at the DE-CIX remarks: 12306:1013 triple prepend when announcing at the DE-CIX remarks: 12306:1014 quad prepend when announcing at the DE-CIX remarks: remarks: 12306:3000 do not announce to DTAG AS3320 remarks: 12306:3011 single prepend when announcing to DTAG AS3320 remarks: 12306:3012 double prepend when announcing to DTAG AS3320 remarks: 12306:3013 triple prepend when announcing to DTAG AS3320 remarks: 12306:3014 quad prepend when announcing to DTAG AS3320 remarks: remarks: 12306:4000 do not announce at the INXS remarks: 12306:4011 single prepend when announcing at the INXS remarks: 12306:4012 double prepend when announcing at the INXS remarks: 12306:4013 triple prepend when announcing at the INXS remarks: 12306:4014 quad prepend when announcing at the INXS remarks: remarks: 12306:9100 do not announce to CW remarks: 12306:9111 single prepend when announcing to CW remarks: 12306:9112 double prepend when announcing to CW remarks: 12306:9113 triple prepend when announcing to CW remarks: 12306:9114 quad prepend when announcing to CW remarks: remarks: 12306:9200 do not announce to ABOVENET AS6461 remarks: 12306:9211 single prepend when announcing to ABOVENET remarks: 12306:9212 double prepend when announcing to ABOVENET remarks: 12306:9213 triple prepend when announcing to ABOVENET remarks: 12306:9214 quad prepend when announcing to ABOVENET remarks: ... Regards, Patrick M. Hausen Leiter Netzwerke und Sicherheit -- punkt.de GmbH Internet - Dienstleistungen - Beratung Vorholzstr. 25 Tel. 0721 9109 -0 Fax: -100 76137 Karlsruhe http://punkt.de _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: dual ISP connections Eagle Fire (Jul 05)
- Re: dual ISP connections Patrick M. Hausen (Jul 05)
- Re: dual ISP connections Eagle Fire (Jul 09)
- SNMP RW ASA 7.2.1 Pablo Perez (Jul 19)
- Re: SNMP RW ASA 7.2.1 Victor Williams (Jul 19)
- Re: SNMP RW ASA 7.2.1 Brian Loe (Jul 19)
- Re: SNMP RW ASA 7.2.1 Victor Williams (Jul 20)
- Re: SNMP RW ASA 7.2.1 Pete Capelli (Jul 21)
- Re: SNMP RW ASA 7.2.1 Pablo PĂ©rez (Jul 21)
- Re: SNMP RW ASA 7.2.1 R. DuFresne (Jul 21)
- Re: SNMP RW ASA 7.2.1 R. DuFresne (Jul 21)
- Re: dual ISP connections Patrick M. Hausen (Jul 05)