Re: Single AS multiple Dirverse Providers

[Leo Bicknell <bicknell () ufp org>]

On Jun 10, 2013, at 2:22 PM, Patrick W. Gilmore <patrick () ianai net> wrote:

> Is it enough to keep the standard? Or should the standard have a specific carve out, e.g. for stub networks only, not 
> allowing islands to provide transit. Just a straw man.

For the moment I'm not going to make a statement one way or another if this should be enshrined in an RFC or not...

I would like to be able to apply a route map to "allow as in" behavior:

ip prefix-list SPECIAL permit 192.168.0.0/24
!
route-map SAFETY permit 10
  match ip prefix-list SPECIAL
  set community no-export
!
router bgp XXX
  neighbor a.b.c.d allowas-in route-map SAFETY

This is a belt and suspenders approach; first you can limit this behavior to only the netblocks you use at other 
locations, and be extra safe by marking them no-export on the way in.  Implementation should be easy, anything that 
would normally be rejected as an AS-Path loop gets fed into the route-map instead.

This would mitigate almost all of the bad effects I can think of that can happen when the network and/or its upstreams 
fail to properly apply filters and all the sudden there are a lot more routes "looping" than should be, and no 
mechanism to stop them anymore! :)

-- 
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/