North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP Policies

  • From: william(at)elan.net
  • Date: Thu Sep 09 01:22:04 2004

On Thu, 9 Sep 2004, Tulip Rasputin wrote:

> Hi,
> 
> I have a general policy question.
> 
> Do the ISPs ever look for some particular AS number in the BGP AS_PATH and 
> then decide what action/preference/priority they need to take/give based on 
> the AS number(s) present in the BGP AS_PATH_SEQ/SET?

This happens all the time, but probably not quite the way you asked about it.
What does happen is that that preference for outgoing traffic is decided 
based on the AS path, I use this extensively and most of my route-maps are 
using "match as-path" for deciding which upstream link to send traffic to.

And really what else do you expect multihomed downstream isp to do if one 
upstream is known to have congestion on their link to another tier1 but
your other upsream does not have the same problem on their link to the 
same tier1?

> For instance, does it  happen that an ISP receives some BGP paths, but 
> because of some political,  social, economical, DOS attack, etc. reasons 
> decides that it doesn't want to  accept this path because some particular
> AS number is present in the BGP UPDATE.

BGP based filters also exist, but there appear to be no rules about when 
its good to set it up, so its quite rare and entire up to engineer at isp
to decide if he wants to do as-path based filter or access-list based filter.
And while I've never seen any discussion about it, I know that some people
mentioned that they have done it to some known spammer as##. But much more 
common is to use access-list and do filters based on ip blocks.

And you're correct that some people have used it during DoS attacks for 
quick filtering until they could fully discuss it with isp in question.
Usually again you'd use access-list and filter particular ip block, but if 
bad traffic appears to be coming from multiple ip blocks all from the same
isp, its quicker to just filter it entirely until situation is resolved.

> Basically, it doesn't want *its* traffic to flow via that particular AS 
> number(s). Or, if there is a mutual disagreement between two ISPs, and 
> one doesn't want  his traffic to traverse the other's AS number.
>
> Does this sort of thing ever happen? Are such restrictive policies normal in 
> the ISP/IX scenarios?

They are not "normal", but does happen. You really can't force somebody 
else to accept your traffic if they dont want to. So you should behave 
nice to your fellow isps and only send good traffic and have good
customers and then nobody would want to filter you :)

-- 
William Leibzon
Elan Networks
[email protected]