+----------+ +---------+ | provider1| |provider2| +----------+ +---------+ ^ ^ | | | | +--------+ ++-------++ +----------+ |peer AS2+-----+ AS 1 +----+peer AS3 | +--------+ +---------+ +----------+ ^ ^ | | +------------+ +-------------+ |customer AS4| |customer AS5 | +------------+ +-------------+ um.... sorry, my question is: the AS relationship between AS1 and AS2/3 is peer, and AS1 cannot announce routes from AS3 to provider1 by rule. But if AS1 do it, and the realtionship between AS1 and AS3 is invisible to provider1, how can provider1 detect this route leak without knowing the privacy? In other words, could the business relationship between AS1 and AS3 be known to provider1/2? Thanks. Sky li
perhaps you should draw a little ascii art, I think you're asking:
DS1 - customer - you - isp
"can DS1's relationship to 'customer' be secret"
no. well, not if they want: 1) to use a public ASN 2) use ip space which isn't part of 'customer' aggregate 3) want to be reachable on the internet
It's safe to say that your goal as an ISP and a customer of an ISP, should be: "Make sure that all of my routes and the routes of my customers and their customers, that I'm expected to provide transit for, are in my ISP's filters."
-chris (and as someelse pointed out: "If they use BGP and expect global reachabilty... then the information isn't private anyway.")
-- Sky Li
On Thursday, February 20, 2014 08:09:35 PM Christopher Morrow wrote:
so, yes. pleass tell your upstream your customers so proper filtering can be automated and implemented.
don't turn up bgp customers without filtering, that kills kittens.
For all the leaking I've seen in the last four weeks (including a well-known operator that was involved in the Youtube/Pakistan saga + other well-known global operators that could be classified as "a reasonably large tier"), we're still a long way away ensuring all customer prefixes are filtered correctly at the inter-domain peering edge. A loooooooong way away...
Mark.