At 12:01 -0400 7/24/97, root@gannett.com wrote:
Without the ISP having total control over the customer router, a misconfiguration of filters on the customer side could easily cause the customer to be a valid (and 1 hop) path in the tables from ISP A to ISP B. Doesn't sound like a possibility I would be willing to have hanging over my head.
Well, since my bandwidth is necessary for my business, I think I'd be much more concerned about becomming the valid route than my upstreams, if they get better routing through me, it's not necessarily a bad thing for them unless they're concerned about me snarfing traffic.
Plus, you can filter out what you send to me if you're my upstream. That means you'll need a misconfigured router on your side *and* one on mine. I don't know your competency, but I'm fairly certain of mine ;). I put a lot more time, effort and care into choosing a provider than you do into choosing a customer.
I don't think it's as big of an issue, other than the obvious effects of router filtering performance, and the chance that the upstream could hose his filters when he goes to listen for routes to me from external sources if he's already got major paranoia filters. Hopefully, he's got that filtered to only happen from my other peering points though.
It's not rocket science, but it does take some care in set-up. You have as much chance of getting control of my gateway routers as you have of turning into a purple poodle. I'd purchase Yet Another Service Provider and route a tier lower before I'd play that game. I've got a lot more to lose than my upstreams.
Paul, you clearly know what you are doing. But it's amazing how many organizations don't understand fundamental global routing concepts, and believe waving money at ISPs will make them do what they want even if that makes no sense. I've been doing design seminars for the pre-/post-sales tech support organizations of several national-level carriers. In a recent class, the students brought up a problem with one of their accounts, which I shall call Major Clueless Bank (MCB). Said bank wanted to offer consumer banking over the Internet. All their direct connectivity came from my client, National Service Provider (NSP-1), at several geographically dispersed points. By my taxonomy, single-homed, multi-linked. MCB desired to level the load over their various server farms and links to NSP-1. They had fixated on BGP as the way to do what they thought they wanted to do, which was to affect the MED passed to peers of NSP-1 based on loading of their servers. They also wanted to affect NSP-1's interior routing so they could advertise more specific routes to each of their server farms, again based on _their_ load. Several million a year in revenues were involved. IMHO, on looking at what they were trying to do, it wasn't even a routing problem. What they wanted was probably best done with DNS load control. They simply did not realize that what they wanted in routing would have marginal effect on the direct peers of NSP-1, and none on non-adjacent AS. Their fundamental mental model was an enterprise network where they were in control. And their next level of detail assumed everything could be controlled with IP routing. The concept that other traffic flowed in NSP-1, and that they could not control the routing of other AS with whom they had no business relationship, simply didn't penetrate. So if the ISP has to set general policies,they need to protect themselves against the NCBs of the world. Paranoid filtering isn't enough if the customer is demanding something not possible. A part of making multihoming practical is managing customer expectations and educating enterprise network designers (or encouraging them to _have_ designers). Howard I see this again and again.