|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical BGP Question - how do work around pigheaded ISPs
Hey there. Due to the pigheadedness of a specific ISP (which I wil *not* allude to in any way, shape, or form, so don't bother asking), and in the interest of conserving IP addresses, I've been faced with quite a challenge. - The Premis: A parent organization has an unused /16 of address space, for arguments sake, let's say it's 172.16.0.0/16. It's out of the old "class B" address range. Two groups within the organization want to bring up independant Internet datacenters, and need /18 of address space, each. Since the parent organization owns an unsed /16, the IP registry refuses to give the child organizations any address space - they insist all address blocks assigned to the parent organization be used, first. ISPph (ph=pigheaded) has a BGP policy that filters out all routes in 128.0.0.0/2 longer than /16. - The network: One group has Internet connectivity to 2 Tier1 ISPs (ISPa and ISPb) in North America. They announce out 172.16.0.0/18 to both ISPs from AS65001. The other group gets Internet connectivity to ISPc and ISPc in South America. They announce 172.16.64.0/18 to their ISPs from AS65002. There is no private network connectivity or backbones between the 2 companies. - The result: ISPph blocks out the /18s at the peering connections to ISPa, ISPb, ISPc, and ISPd. So, customers of ISPph cannot see servers on AS65001 or AS65002. - The workaround: We announce 172.16.0.0/16 as well as 172.16.0.0/18 from AS65001 to ISPa and ISPb. In our preliminary testing, we've found that what happens is that ISPph would route traffic to 172.16.64.0/18 to ISPa (or ISPb, but we'll assume ISPa has a better connection to ISPph), because it learned the 172.16.0.0/16 route from there. ISPa is hearing the *more specific* /18 from ISPc and ISPd, so it transits the traffic over to ISPc, which then delivers it to the South American site. - Questions: 1) is there a reason to announce the /16 from both ASs? Is that "legal?" 2) under normal situations (assume no link failures) would this cause any problem? 3) Is there a link failure scenario that would cause the /16 to create a blackhole for the 172.16.64.0/18 network? 4) Would you recommend this as a fix? Of course, it would make ISPa transit for ISPph, but they're pigheaded enough to make the Internet suck that way. Thanks for your time! ---- Dani Roisman [email protected]
|