North American Network Operators Group

Re: Non-ISP companies multi-homing?
On Fri, Jul 25, 1997 at 09:01:13AM -0400, Gordon Mercer wrote:
>
> Don't think he did, Alec. Using communities would make it
> much easier to filter the routes to the customer than
> using confederation. I don't think there's any need to
> implement confederations here. Sounds like headaches I
> don't need. Communities would allow you to filter very
> specifically only routes coming from the router.

Well, comparing a 'real AS to a separate community' doesn't really sound
right to me. Replacing community with confederation would make more sense,
although I do see your point. However I believe JD's point is that it isn't
_necessary_ to get a separate ASN if you've got a small downstream who
doesn't care about having his AS visible to the outside world.

>
> The real problem here is that the ISP with the EBGP
> session still depends on the ISP with the IBGP session to
> do things correctly, unless customer routes are filtered
> at a network level -- Something I've never liked doing,
> but always felt was necessary.

Unfortunately it is, as the AS7007 disaster illustrated all too clearly.

>
> How can I have a setup that is flexible enough to satisfy
> my customer (and my workload) but safe for me?

MCI has a route registry that you send updates to just like the RADB (the
RADB and MCI RR actually exchange data). I believe MCI then builds
network-based access lists based on that database.

> I've had customers running OSPF with one of my routers that was
> redistributing OSPF into BGP, and it was probably one of the
> stupidest mistakes I've ever made.

NONONONONO! Speaking IGP with customers bad!

> Screwed me when some dumbass decided he could use whatever networks
> he wanted on the Sun they were running gated on.

Yep, there's the problem. BGP was designed to be an inter-domain routing
protocol, and should be used as such. Unfortunately we need some sort of
network-level control over what a customer sends upstream.
Implementing some sort of automated scheme (like the MCI RR for example) is
IMO the only scalable way of doing so.

Alec

--
+------------------------------------+--------------------------------------+
|Alec Peterson - [email protected]   | Erols Internet Services, INC.        |
|Network Engineer                    | Springfield, VA.                     |
+------------------------------------+--------------------------------------+
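
Added example, not part of the original message and not MCI's or the RADB's own tooling: a sketch of registry-driven, network-level filtering of a customer BGP session as discussed in the message above. The registry text, the private ASNs, the documentation prefixes and the max_len cutoff are all constructed assumptions.

```python
import ipaddress

# Constructed RPSL-style route objects (documentation prefixes, private ASNs).
REGISTRY = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64500

route:   203.0.113.0/24
origin:  AS64501
"""

def parse_routes(text):
    """Return {origin_as: [ip_network, ...]} from route/origin pairs."""
    table, prefix = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "route":
            prefix = ipaddress.ip_network(value, strict=True)
        elif key == "origin" and prefix is not None:
            table.setdefault(value.upper(), []).append(prefix)
            prefix = None
    return table

def permitted(table, customer_as, announced, max_len=24):
    """Accept only registered prefixes, or their subnets up to max_len."""
    try:
        net = ipaddress.ip_network(announced, strict=True)
    except ValueError:
        return False  # malformed prefix or host bits set
    if net.prefixlen > max_len:
        return False  # too specific, e.g. a deaggregated table being leaked
    return any(net.version == reg.version and net.subnet_of(reg)
               for reg in table.get(customer_as, []))

def filter_session(table, customer_as, announcements):
    """Split one customer's announcements into (accepted, rejected)."""
    accepted = [a for a in announcements if permitted(table, customer_as, a)]
    rejected = [a for a in announcements if a not in accepted]
    return accepted, rejected
```

The accepted list is what would be rendered into the per-customer access list; anything a customer announces that is not registered to its own AS is dropped at the edge regardless of what its routers are configured to send.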