nanog mailing list archives

Re: question about AS relationship

From: Song Li <refresh.lsong () gmail com>
Date: Fri, 21 Feb 2014 19:57:45 +0800

Thanks. I'm doing some research on route leaks, you are a great help to me.

Sky li

On Friday, February 21, 2014 08:57:07 AM Song Li wrote:

the AS relationship between AS1 and AS2/3 is peer, and
AS1 cannot announce routes from AS3 to provider1 by
rule.


Or even Peer-AS2's routes to Peer-AS3 (and vice versa), in
general best practice filtering rules, unless transit is
requested.

But if AS1 do it, and the realtionship between AS1
and AS3 is invisible to provider1, how can provider1
detect this route leak without knowing the privacy?


Provider-1 wouldn't care whether it's a route leak or not.
In Provider-1's mind, Peer-AS3 could (suddenly) be a
customer of AS1. And since AS1 is a customer of Provider-1,
Provider-1 will be happy to move those packets along as it
represents more revenue for Provider-1 (more so if traffic
is sold on a 95th percentile or volume utilization basis).

It is, really, up to AS3 to detect that AS1 has leaked its
routes (or paths, to be precise) to Provider-1, and then
pick up the phone and scream at AS1 to get that leak fixed
plugged.

Of course, all of this is a moot point if Provider-1 is a
good provider and makes sure they only accept routes and
paths from AS3 that AS3 should be sending to Provider-1 in
the first place. But as we know, some providers are a bit
(actually, very) lazy here.

In other words, could the business relationship between
AS1 and AS3 be known to provider1/2?


Not really (or not that easily, to be specific).

With enough time and access to several looking glasses and
public route servers, one could "infer" (to a certain degree
of error) business relationships between peering
relationships, i.e., whether they relationships are
customer, peer or provider.

But in your particular case, unless AS3 has a direct
connection toward Provider-1/2 (where a route leak would
introduce more problems), Provider-1/2 don't really care
about whether this is a leak or not from AS1.

But again, this whole discussion is mooted if Provider-1/2
do proper background checks and filtering before they turn-
up the service for AS1.

Mark.



--
Song Li
Room 4-204, FIT Building,
Network Security,
Department of Electronic Engineering,
Tsinghua University, Beijing 100084, China
Tel:( +86) 010-62446440
E-mail: refresh.lsong () gmail com

Current thread:

question about AS relationship Song Li (Feb 20)
- Re: question about AS relationship Christopher Morrow (Feb 20)
  - Re: question about AS relationship Mark Tinka (Feb 20)
    - Re: question about AS relationship Song Li (Feb 20)
    - Re: question about AS relationship Mark Tinka (Feb 20)
    - Re: question about AS relationship Christopher Morrow (Feb 20)
    - Re: question about AS relationship Song Li (Feb 20)
    - Re: question about AS relationship Mark Tinka (Feb 21)
    - Re: question about AS relationship Song Li (Feb 21)
- Re: question about AS relationship William Herrin (Feb 20)
- Re: question about AS relationship Ricky Beam (Feb 20)
  - Re: question about AS relationship Mark Tinka (Feb 20)