nanog mailing list archives

RE: best practice for advertising peering fabric routes


From: "Siegel, David" <David.Siegel () Level3 com>
Date: Wed, 15 Jan 2014 16:03:53 +0000

UUnet once advertised the /24 for MAE-East to me (well, Net99), and because I also had it in my IGP, my network was 
using UUnet's backbone for west-to-east coast traffic for a couple of days until I noticed and fixed it (with 
next-hop-self).

I agree 100% with Patrick and others on this point.  No good can come from propagating IXP address space any further 
than is absolutely necessary.  Best not to propagate it at all.

Dave


-----Original Message-----
From: Patrick W. Gilmore [mailto:patrick () ianai net] 
Sent: Wednesday, January 15, 2014 8:57 AM
To: NANOG list
Subject: Re: best practice for advertising peering fabric routes

On Jan 15, 2014, at 10:44 , William Herrin <bill () herrin us> wrote:
> On Tue, Jan 14, 2014 at 10:11 PM, Patrick W. Gilmore <patrick () ianai net> wrote:

>> NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. 
>> An IXP LAN should not be reachable from any device not directly 
>> attached to that LAN. Period.
>>
>> Doing so endangers your peers & the IX itself. It is on the order of 
>> not implementing BCP38, except no one has the (lame, ridiculous, 
>> idiotic, and pure cost-shifting BS) excuse that they "can't" do this.

> Hi Patrick,
>
> I have to disagree with you. If it appears in a traceroute to 
> somewhere else, I'd like to be able to ping and traceroute directly to 
> it. When I can't, that impairs my ability to troubleshoot the all too 
> common can't-get-there-from-here problems. The more you hide the 
> infrastructure, the more intractable problems become for your 
> customers.
>
> The IXP LAN should be reachable from every device on the ASes which 
> connect to it, not just the immediate router.

We disagree.

Plus, you really can't type "ping" on the router connected to the IXP?

_If_ you can guarantee your network has zero bots, abusable [DNS|NTP|etc.] servers, all your downstreams are perfectly 
clean, etc., etc., then maybe I could see you carrying it in your IGP.

As I know 100% of ISPs (to at least one decimal place) cannot make such a guarantee, then doing so puts the IXP and all 
other members - whether peers of yours or not - at risk. Putting others at risk because you are lazy or because it 
makes your life easier is .. I believe I called it bad manners before.


But let's take the philosophical out of this. The prefix in question is owned by the IXP. I said in an earlier post 
that if you carry a prefix I own, did not announce to you, and make it very clear I specifically do not want you to 
carry, I will ask you to stop or face possible disconnection. You may claim convergence (a bit of BS), troubleshooting 
(non-issue, IMO), or even "but I waaaaaaaaaaaant to!!1!1!" (whatever). Doesn't matter. That's not your prefix, you were 
not given it and told not to carry it, so Do Not Carry It.

Ask your IXP if they mind whether you carry the prefix. See what they say.

--
TTFN,
patrick
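
An added example, not part of the thread or written by any of its posters: a small audit that flags routers carrying an IXP peering LAN as anything other than a connected route, and iBGP routes whose next hop still sits on that LAN (the condition next-hop-self removes). The router names, the documentation-range prefixes and the row format are constructed assumptions.

```python
import ipaddress

# Constructed sample data: a documentation prefix stands in for the IXP peering LAN.
IXP_LANS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed RIB export rows: (router, protocol, prefix, next_hop).
SAMPLE_RIB = [
    ("edge1", "connected", "198.51.100.0/24", None),       # attached router: expected
    ("edge1", "ebgp", "203.0.113.0/24", "198.51.100.7"),   # peer route on attached router: expected
    ("core1", "ospf", "198.51.100.0/24", "10.0.0.1"),      # IXP LAN redistributed into the IGP
    ("core1", "ibgp", "203.0.113.0/24", "198.51.100.7"),   # next hop never rewritten
    ("core1", "ibgp", "192.0.2.0/24", "10.0.0.1"),         # next-hop-self applied: clean
    ("core2", "static", "198.51.100.128/25", "10.0.0.1"),  # more-specific static for the LAN
]


def audit(rib, ixp_lans=IXP_LANS):
    """Return (router, prefix, issue) for every route that leaks the IXP LAN."""
    findings = []
    for router, proto, prefix, next_hop in rib:
        net = ipaddress.ip_network(prefix)
        hop = ipaddress.ip_address(next_hop) if next_hop else None
        for lan in ixp_lans:
            if net.version != lan.version:
                continue
            # The LAN, or any more-specific of it, should exist only as a
            # connected route on the directly attached router.
            if net.subnet_of(lan) and proto != "connected":
                findings.append((router, prefix, "ixp-lan-in-" + proto))
            # Assumption: an iBGP-learned route whose next hop is on the LAN
            # means the border router did not set next-hop-self, so the
            # network needs a route to the LAN to resolve it.
            elif proto == "ibgp" and hop is not None and hop in lan:
                findings.append((router, prefix, "ixp-next-hop-in-ibgp"))
    return findings


if __name__ == "__main__":
    for router, prefix, issue in audit(SAMPLE_RIB):
        print(f"{router}: {prefix}: {issue}")
```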



