Steve Camas writes...
Are there ways around this?
Route filtering is not the end of the world. Suppose your network and AS are connected between ISP-A and ISP-B. You have a small /20 space from ISP-A. Now supposed ISP-C does filtering that blocks your announcements from going over their network. ISP-A will continue to announce the larger block that contains your small block. Thus for your network there will be a choice of two routes. Where both routes show up, _your_ route will be preferred because it is more specific for your prefix. The rest of the large block will go some other way. So the fact that ISP-A has an "umbrella announcement" over you will have no effect on your announcements. Within ISP-C, however, your announcement will be gone. But the "umbrella announcement" will be there, directing your traffic out over ISP-C's best route to ISP-A. You will _not_ be unreachable. When your traffic from ISP-C going to ISP-A finally reaches a router that has no filtering, then your own route will be seen. Depending on topology, at that point the best route to you may still be ISP-B. Whichever it is will now be the way your traffic goes. It could be ISP-B or ISP-A. Now suppose you lose your T1 to ISP-B. Everything will come to you via ISP-A because there is _your_ route as well as ISP-A's "umbrella route". Now suppose ISP-B is working and you lose your T1 to ISP-A. Your routes go out over ISP-B. The "umbrella route" will still come out to the world from ISP-A, but that won't matter because _your_ more specific route will be chosen anyway. But what about places behind ISP-C's filter that don't see your route at all? Your traffic will be guided out of ISP-C by ISP-A's "umbrella route" alone, but once a router is reached that has both routes, then your more specific route coming _only_ from ISP-B will be used, even if that router belongs to ISP-A (e.g. ISP-C peered to ISP-A directly). The scenario that will cause your network to be unreachable will be when ISP-A's "umbrella route" is no longer available. The smallest scale of failure would be the originating router being down. And this will only affect locations behind ISP-C's filters. Other places still see your routes via ISP-B. Your problem, Steve, is that your current ISP is ISP-C. They are a route filtering ISP. You need to either make sure they let your announcements out to the world at all of their peers (and getting this right may be a very difficult chore for these large bureaucractically driven companies) or choose ISPs that don't filter. You also need to make sure that the ISPs do not filter routes for parts of their own blocks coming in from other peers. If ISP-A did such filtering, then their own customers will find you unreachable, as well as those in ISP-C if ISP-C sends traffic for you into ISP-A. I know of no ISPs doing such a thing, but I actually discussed this with an engineer at MCI and verified that they indeed take announcements for their own networks back in over peers, so if you had MCI address space and your only working link was to another ISP, MCI will route to you via that ISP. I'm sure most others will, too, if they don't filter your route on the basis of your prefix size. That's why staying on Sprint can be a problem if you want to multi-home with a network smaller than a /19. -- Phil Howard | Is your website up right now? KA9WGN | If you subscribed to Red Alert you'd know for sure phil at milepost dot com | http://www.redalert.com/