Re: BGP filtering policies, UU, and you

[David Barak <thegameiam () yahoo com>]

Hi Henry,

I've snipped, and interleaved.

--- Henry Yen <henry () AegisInfoSys com> wrote:
> This part is the part that concerns me, as it is
> specifically
> our scenario:
>
> > assume one T1 to UU and one to <non-Verio
> provider>. 
>
> (make that one uunet link and more-than-one
> <provider>, as well
> as both private links as well as over-the-'net
> tunnels interconnecting
> some of our sites.)

The net effect is the same.  UU can and does listen to
announcements of its space from ASes other than 701 on
a routine basis.  There are many orgs which have a T1
to UU and a T3 to <provider>, but had the UU T1 first,
and thus received UU IP space.  


> > UU T1 goes down, therefore /22 withdrawn there,
> /22
> > announcement through <provider> becomes only
> route. 
> > Verio ignores this, and directs traffic to UU (via
> the
> > /14), and UU will then direct traffic to
> <provider>
> > because UU has very liberal routing policies.  So
> in
>
> Uh, what's "very liberal routing policies" mean? 
> (And which uunet
> URL details this?)  

Well, if you look at the soup of 63.64/10, you'll see
some examples of their liberal policies.  Here's one:

route-views.oregon-ix.net>sh ip bgp 63.69.154.0 | inc
701
  7018 1239 11548
  6079 701 1239 11548
  6066 701 1239 11548
  701 1239 11548
  6539 701 3561 11548
  14608 701 1239 11548

Notice that UU is propogating announcements from
Sprint and C&W from a downstream customer (11548) on
its own IP space.

I assume you mean that uunet
> will accept announcements
> for its own blocks (and specifics, not aggregates)
> from other
> <providers>; that is, I also advertise this uunet
> block on my
> other <provider> link, and they'll accept and
> propagate it (right?).
> And uunet will accept this route of their own block
> from <provider>?
> If this works as laid out, then uunet would realize
> that the
> uunet link is down and send traffic over to the
> other <provider>.

Demonstrated above.

> > the worst case, you could get some sub-optimal
> > routing, but nothing particularly bad, and Verio
> is
>
> No, not particularly bad, but not as good as it
> could be "if only"
> the block were allocated in class C space to begin
> with.
Personally, I think the fault lies with filtering on
legacy Class boundaries in the first place, rather
than on those ISPs who follow the RIR guidelines and
permit multi-homing out of CIDR blocks.

you say to-may-to, I say to-mah-to...

> I know this is NAnog, but we have important
> correspondents in Europe and
> Japan.
 
Accepted, but your biggest issue with those
correspondents will be the intercontinental links
anyway, not an extra peering AS.  As CAIDA and others
have reported, the internet is generally becoming more
densely meshed, so this will steadily decrease in
significance.


> > The bigger issue in that case would be getting the
> UU
> > line up faster :)
>
> Unfortunately, the vast majority of failure modes
> for our sites end
> up being dependent on the ILEC.  It's not a pretty
> picture.

ILEC failures rarely are.  

> -- 
> Henry Yen                                      
> Aegis Information Systems, Inc.
> Senior Systems Programmer                      
> Hicksville, New York


__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/