Hi Tarko, folks,

tarko@lanparty.ee (Tarko Tikan) wrote:
> This can be very harmful. Consider an IP transit customer of said transit provider that is single homed to said transit provider.
> Transit provider will select the aggregate prefix with no-export as best and will not propagate it to its customers while there can be alternative routes available between the prefix owner and transit provider. This will result in loss of connectivity for those singlehomed customers.

Yeah, no. Provided they are singlehomed customers who generally set (or take) a default route to that transit, they are completely fine. Their transit knows the prefix and will use it. It gets more problematic for multihomed customers.

As for the original question in the thread... NO_EXPORT is for us (DNS anycasting) an important tool to keep the "service cone" limited, and to prevent (esp. bigger) providers from attracting traffic from further away than we consider reasonable. And yes, we monitor for leaking; some (again, mostly bigger) providers strip-and-leak... We're deploying enough nodes to be able to run it that way, and we have - of course - a few nodes that advertise a supernet without NO_EXPORT to service whoever isn't peering with us.

For us, NO_EXPORT is an important TE tool; others prefer massaging path preloads until things look balanced. Others again only peer 1:1 or even over PNIs and monitor their peers pretty closely.

Cheers, Elmar.
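
The leak monitoring mentioned in the message above, sketched as an added example that is not part of the original post or any poster's tooling. The ASNs, prefixes and observation record format are constructed; each observation is assumed to be a looking-glass view taken inside the vantage AS, so the AS path does not include the vantage AS itself.

```python
import ipaddress

NO_EXPORT = "65535:65281"  # well-known community from RFC 1997 (0xFFFFFF01)
OUR_ASN = 64500            # constructed: documentation ASN
# Constructed: anycast prefix announced only with NO_EXPORT. The covering
# supernet 2001:db8::/32 is announced without it and is therefore not listed.
SCOPED = {ipaddress.ip_network("2001:db8:53::/48")}

def collapse(path):
    """Remove prepending: collapse consecutive duplicate ASNs."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def find_leaks(observations):
    """Flag NO_EXPORT-scoped prefixes seen more than one AS away from us."""
    leaks = []
    for obs in observations:
        prefix = ipaddress.ip_network(obs["prefix"])
        path = collapse(obs["as_path"])
        if prefix not in SCOPED or not path or path[-1] != OUR_ASN:
            continue
        if len(path) == 1:
            continue  # seen inside a direct peer: expected
        # The AS next to the origin received the route from us and exported it.
        kind = ("leaked-with-community" if NO_EXPORT in obs["communities"]
                else "strip-and-leak")
        leaks.append({"prefix": str(prefix), "leaker": path[-2],
                      "seen_in": obs["vantage_asn"], "kind": kind})
    return leaks

# Constructed sample observations.
SAMPLE = [
    {"vantage_asn": 64501, "prefix": "2001:db8:53::/48",
     "as_path": [64500], "communities": [NO_EXPORT]},
    {"vantage_asn": 64510, "prefix": "2001:db8:53::/48",
     "as_path": [64502, 64500, 64500], "communities": []},
    {"vantage_asn": 64511, "prefix": "2001:db8:53::/48",
     "as_path": [64503, 64500], "communities": [NO_EXPORT]},
    {"vantage_asn": 64510, "prefix": "2001:db8::/32",
     "as_path": [64502, 64500], "communities": []},
]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE):
        print(leak)
```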