North American Network Operators Group


[Splitting ARIN assignment] MPLS VPNv4, iBGP, split announce

  • From: Greg VILLAIN
  • Date: Sat May 31 17:43:32 2008


On May 22, 2008, at 7:02 PM, Joe Maimon wrote:

James Kelty wrote:
Hey all,
I'm looking for an opinion from the group. I have an ARIN /21 assignment and a new requirement for a second data center. Rather than ask for another assignment, I would like to advertise one /22 from one location and the other /22 from the second location both with the same asn. My apps will work that way, so I don't have an issue internally, but I'm looking for a broader base opinion on that.
Thanks a lot!
-James

You should attempt to advertise the /21 at each site along with the site's /22.


If you don't have dedicated interconnectivity between the sites, tunneling *carefully* should do the trick.

This will ensure that if/when those who filter on strict allocation boundaries don't hear your /22, there will still be reachability, even if suboptimal, to your sites.

I have an equivalent dilemma: I'm of course well educated about not de-aggregating and would like, as much as possible, to avoid it.
I'm trying to build a small-bandwidth core across an MPLS VPN, and I haven't been able to get an answer from the suppliers I'm auditing (even big ones...) although I'm pretty sure I can do it.


Basically, the way I see it is that it would only be equivalent to a situation where hosts on my local LANs had tcp179 sessions across the VPN - but yet some (quite big players, not mentioning them though) are saying it would conflict with their instance of MP-BGP used for the VPN-v4. I seriously doubt it, but don't want to try it if there is the slightest risk.

Also, I'm technically convinced that the supplier can maintain my loopback's connectivity and replace my IGP to bear my infrastructure's addressing (well I'd first have to get them to accept whatever OSPF between my router and their CPE, so their CPEs redistribute my subnets into the VPN's vrf on their PEs).
I also don't want to add operational complexity by setting tunnels (one of the suppliers advised me to...) to bear the sessions - which I know would work, but I need to be sure my design can be maintained easily, with least possible training.


The only B-Plan that I eventually have is to voluntarily bypass best-practice (should my self-esteem suffer from that :) and split my announces on different geographical zones, to not have to maintain iBGP sync.

Any one of you folks have any such experience?
I'd hate to upset the community and get NOs to peering enquiries just because of that, which basically would make running an AS pointless...
Any pointers warmly welcome.


Greg VILLAIN
Independent internet architect
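
The effect of the advice quoted in this thread (announce the /21 from each site alongside that site's /22) can be modelled as follows. This is an added Python example, not part of the original messages; the 198.18.0.0/21 prefix, the site names "A" and "B", the remote filter length and the nearest-site tie-break are all constructed assumptions.

```python
import ipaddress

# Constructed sample: 198.18.0.0/21 (benchmark range) stands in for the ARIN /21.
AGGREGATE = ipaddress.ip_network("198.18.0.0/21")
SITE_A, SITE_B = AGGREGATE.subnets(new_prefix=22)  # one /22 per data center


def announcements(with_aggregate):
    """Routes originated by the two sites, as (prefix, originating site)."""
    routes = [(SITE_A, "A"), (SITE_B, "B")]
    if with_aggregate:
        # Each site also originates the covering /21.
        routes += [(AGGREGATE, "A"), (AGGREGATE, "B")]
    return routes


def accepted(routes, max_len):
    """Import filter of a remote network: drop prefixes longer than max_len."""
    return [(p, s) for p, s in routes if p.prefixlen <= max_len]


def forward(dst, routes, max_len, nearest_site):
    """Longest-prefix match as seen by a remote network.

    Ties between equal-length routes go to the site nearest the remote
    network (a simplification of BGP best-path selection).
    Returns (entry_site, needs_intersite_hop), or None if unreachable.
    """
    dst = ipaddress.ip_address(dst)
    cands = [(p, s) for p, s in accepted(routes, max_len) if dst in p]
    if not cands:
        return None
    best_len = max(p.prefixlen for p, _ in cands)
    sites = {s for p, s in cands if p.prefixlen == best_len}
    entry = nearest_site if nearest_site in sites else sorted(sites)[0]
    owner = "A" if dst in SITE_A else "B"
    # If traffic lands at the wrong site, it must cross the inter-site
    # link or tunnel to reach the host.
    return entry, entry != owner


if __name__ == "__main__":
    host_b = "198.18.4.10"  # constructed host inside site B's /22
    print(forward(host_b, announcements(False), 21, "A"))  # strict filter, /22s only
    print(forward(host_b, announcements(True), 21, "A"))   # strict filter, /21 + /22
    print(forward(host_b, announcements(True), 24, "A"))   # permissive filter
```

The second case is the suboptimal-but-reachable path: traffic enters at the nearer site and depends on the dedicated link or tunnel between sites to be delivered.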