On Fri, Jul 25, 1997 at 09:01:13AM -0400, Gordon Mercer wrote:
Don't think he did, Alec. Using communities would make it much easier to filter the routes to the customer than using confederation. I don't think there's any need to implement confederations here. Sounds like headaches I don't need. Communities would allow you to filter very specifically only routes coming from the router.
Well, comparing a 'real AS to a separate community' doesn't really sound right to me. Replacing community with confederation would make more sense, although I do see your point. However I believe JD's point is that it isn't _necessary_ to get a separate ASN if you've got a small downstream who doesn't care about having his AS visible to the outside world.
The real problem here is that the ISP with the EBGP session still depends on the ISP with the IBGP session to do things correctly, unless customer routes are filtered at a network level -- Something I've never liked doing, but always felt was necessary.
Unfortunately it is, as the AS7007 disaster illustrated all too clearly.
How can I have a setup that is flexible enough to satisfy my customer (and my workload) but safe for me?
MCI has a route registry that you send updates to just like the RADB (the RADB and MCI RR actually exchange data). I believe MCI then builds network-based access lists based on that database.
I've had customers running OSPF with one of my routers that was redistributing OSPF into BGP, and it was probably one of the stupidest mistakes I've ever made.
NONONONONO! Speaking IGP with customers bad!
Screwed me when some dumbass decided he could use whatever networks he wanted on the Sun they were running gated on.
Yep, there's the problem. BGP was designed to be an inter-domain routing protocol, and should be used as such. Unfortunately we need some sort of network-level control over what a customer sends upstream. Implementing some sort of automated scheme (like the MCI RR for example) is IMO the only scalable way of doing so.

Alec
--
+------------------------------------+--------------------------------------+
|Alec Peterson - ahp@hilander.com    | Erols Internet Services, INC.        |
|Network Engineer                    | Springfield, VA.                     |
+------------------------------------+--------------------------------------+
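
Added example, not part of the original message and not MCI's tooling: a Python illustration of the registry-driven, network-level customer filter discussed above. The route objects, the documentation prefixes and ASNs, the list name, and the choice of Cisco IOS-style `ip prefix-list` output are all assumptions made for the example.

```python
import ipaddress

# Constructed RPSL-style route objects (documentation prefixes and ASNs).
REGISTRY = """\
route:   192.0.2.0/24
origin:  AS64500
mnt-by:  MAINT-EXAMPLE-CUST

route:   198.51.100.0/24
origin:  AS64500
mnt-by:  MAINT-EXAMPLE-CUST

route:   203.0.113.0/24
origin:  AS64501
"""

def parse_routes(text):
    """Return {origin ASN: set of registered networks} from route objects."""
    by_origin = {}
    for obj in text.strip().split("\n\n"):
        attrs = {}
        for line in obj.splitlines():
            key, _, value = line.partition(":")
            attrs[key.strip().lower()] = value.strip()
        if "route" in attrs and "origin" in attrs:
            net = ipaddress.ip_network(attrs["route"], strict=True)
            by_origin.setdefault(attrs["origin"].upper(), set()).add(net)
    return by_origin

def prefix_list(name, networks):
    """Render exact-match permits; the list's implicit deny drops the rest."""
    ordered = sorted(networks, key=lambda n: (int(n.network_address), n.prefixlen))
    return [f"ip prefix-list {name} seq {5 * (i + 1)} permit {n}"
            for i, n in enumerate(ordered)]

def check_announcement(prefix, networks):
    """Classify a received prefix the way the generated filter would."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net in networks:
        return "accept"
    if any(net.subnet_of(reg) for reg in networks):
        return "reject: more-specific of a registered route"
    return "reject: not registered for this customer"

if __name__ == "__main__":
    allowed = parse_routes(REGISTRY)["AS64500"]
    print("\n".join(prefix_list("CUST-AS64500-IN", allowed)))
    for p in ("192.0.2.0/24", "192.0.2.128/25", "203.0.113.0/24", "10.0.0.0/8"):
        print(p, "->", check_announcement(p, allowed))
```

Because the filter is regenerated from the registry, a customer adds a network by updating its route object rather than by asking for a hand-edited access list.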