nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: question about AS relationship

From: Song Li <refresh.lsong () gmail com>
Date: Fri, 21 Feb 2014 14:57:07 +0800

                +----------+  +---------+
                | provider1|  |provider2|
                +----------+  +---------+
                       ^       ^
                       |       |
                       |       |
       +--------+     ++-------++    +----------+
       |peer AS2+-----+  AS 1   +----+peer AS3  |
       +--------+     +---------+    +----------+
                       ^       ^
                       |       |
             +------------+  +-------------+
             |customer AS4|  |customer AS5 |
             +------------+  +-------------+
um....

sorry, my question is:
the AS relationship between AS1 and AS2/3 is peer, and AS1 cannot announce routes from AS3 to provider1 by rule. But if AS1 do it, and the realtionship between AS1 and AS3 is invisible to provider1, how can provider1 detect this route leak without knowing the privacy?
In other words, could the business relationship between AS1 and AS3 be known to provider1/2? 

Thanks.

Sky li



perhaps you should draw a little ascii art, I think you're asking:

DS1 - customer - you - isp

"can DS1's relationship to 'customer' be secret"

no. well, not if they want:
   1) to use a public ASN
   2) use ip space which isn't part of 'customer' aggregate
   3) want to be reachable on the internet

It's safe to say that your goal as an ISP and a customer of an ISP, should be:
   "Make sure that all of my routes and the routes of my customers and
their customers, that I'm expected to provide transit for, are in my
ISP's filters."

-chris
(and as someelse pointed out: "If they use BGP and expect global
reachabilty... then the information isn't private anyway.")


--
Sky Li



On Thursday, February 20, 2014 08:09:35 PM Christopher
Morrow wrote:



so, yes. pleass tell your upstream your customers so
proper filtering can be automated and implemented.

don't turn up bgp customers without filtering, that kills
kittens.


For all the leaking I've seen in the last four weeks
(including a well-known operator that was involved in the
Youtube/Pakistan saga + other well-known global operators
that could be classified as "a reasonably large tier"),
we're still a long way away ensuring all customer prefixes
are filtered correctly at the inter-domain peering edge. A
loooooooong way away...

Mark.
Previous By Date Next
Previous By Thread Next

Current thread: