nanog mailing list archives

RE: Level 3 BGP Advertisements


From: Harry Hoffman <hhoffman () ip-solutions net>
Date: Wed, 29 Aug 2012 20:06:37 -0400

This is what happens when old network folk don't learn about new conventions, or new network / security folk read old books.
And it happens a lot!
Although not as common as blanket blocking of ICMP.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

"STARNES, CURTIS" <Curtis.Starnes () granburyisd org> wrote:

Sorry for the top post...

Not necessarily a Level 3 problem, but:

We are announcing our /19 network as one block via BGP through AT&T, not broken up into smaller announcements.
Earlier in the year I started receiving complaints that some of our client systems were having problems connecting to different web sites.
After much troubleshooting I noticed that in every instance the xlate in our Cisco ASA for the client's IP had a last octet of either 0 or 255.
Since I am announcing our network as a /19, the subnet mask is 255.255.224.0, which would make our network address x.x.192.0 and the broadcast x.x.223.255.
So somewhere the /24 boundary addresses were being dropped.

Just curious if anyone else has seen this before.

-----Original Message-----
From: William Herrin [mailto:bill () herrin us] 
Sent: Wednesday, August 29, 2012 3:36 PM
To: nick () flhsi com
Cc: nanog () nanog org
Subject: Re: Level 3 BGP Advertisements

On Wed, Aug 29, 2012 at 3:28 PM, Nick Olsen <nick () flhsi com> wrote:
In practice, we've always advertised our space all the way down to /24's but also the aggregate block (the /20 or the /21), just so there was still reachability to our network in the event that someone made the foolish mistake of filtering, let's say, prefixes smaller than /23...

Anyways, I've always thought that was standard practice.

That's very poor practice. Each announcement costs *other people* the better part of $10k per year. Be polite with other people's money. If the /24 shares the exact same routing policy as the covering route, announce only the covering route.

For all the good it'll do you, you can break it out to /24's when and if someone mis-announces one of your address blocks. Competing announcements of the /24 still won't leave you with correct connectivity. If anything, putting the /24 announcement in ahead of time will delay your detection of the problem by causing a partial failure instead of a total one.


I noticed that while the /24's made it out to the world, the larger counterparts (2 /21's and a /20) did not. So, I start sniffing around. I find that I do indeed see the prefixes in Level 3's looking glass, but they aren't handing it off to peers. So, naturally, I land on this being some kind of prefix filtering issue and open a ticket with Level 3. They tell me this is standard practice, and if I want to see the /20 or /21's make it out to the rest of the world, I need to stop sending the /24's.

Does this sound normal?

That's insane. Assuming you're authorized to announce that address space, Level 3 should be propagating your announcements exactly as you make them. As only one of your peers, they're in no position to understand the traffic engineering behind your announcement choices.
If they are acting as you say, they are dead wrong to do so.

Regards,
Bill Herrin



--
William D. Herrin ................ herrin () dirtside com bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>; Falls Church, VA 22042-3004
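The "/24 boundary address" problem Curtis describes comes from filters that treat any address ending in .0 or .255 as a network or broadcast address, regardless of the real prefix length. The following added example (not from the thread or any poster) checks a list of constructed ASA-style xlate addresses against a constructed /19 (10.10.192.0/19 stands in for the thread's x.x.192.0/19) and reports which ordinary hosts such an octet-based rule would wrongly drop:

```python
import ipaddress

# Constructed prefix standing in for the thread's x.x.192.0/19 (the real one
# is not given); mask 255.255.224.0, network .192.0, broadcast .223.255.
ANNOUNCED = ipaddress.ip_network("10.10.192.0/19")

# Constructed xlate addresses of the kind an ASA would show for clients.
SAMPLE_XLATES = [
    "10.10.192.0",    # the /19's true network address
    "10.10.223.255",  # the /19's true broadcast address
    "10.10.200.0",    # legitimate host: last octet 0, not a /19 boundary
    "10.10.200.255",  # legitimate host: last octet 255, not a /19 boundary
    "10.10.201.17",   # ordinary host
]

def naive_octet_filter_drops(addr: str) -> bool:
    """The obsolete classful rule: reject anything whose last octet is 0 or 255,
    without looking at the prefix the address actually belongs to."""
    return int(addr.rsplit(".", 1)[1]) in (0, 255)

def classify(addr: str, prefix: ipaddress.IPv4Network = ANNOUNCED) -> str:
    """Classify addr relative to the prefix it really lives in:
    'network', 'broadcast', 'host', or 'outside'."""
    ip = ipaddress.ip_address(addr)
    if ip not in prefix:
        return "outside"
    if ip == prefix.network_address:
        return "network"
    if ip == prefix.broadcast_address:
        return "broadcast"
    return "host"

def falsely_dropped(addrs, prefix=ANNOUNCED):
    """Usable hosts inside the prefix that the naive rule would still drop."""
    return [a for a in addrs
            if naive_octet_filter_drops(a) and classify(a, prefix) == "host"]

if __name__ == "__main__":
    for a in SAMPLE_XLATES:
        print(f"{a:15} {classify(a):9} naive-drop={naive_octet_filter_drops(a)}")
    print("falsely dropped:", falsely_dropped(SAMPLE_XLATES))
```

Only the first two sample addresses are real boundaries of the /19; the two .0/.255 hosts in the middle of the block are exactly the ones that went missing in the symptom described above.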
