"So if the enterprise loses connectivity to one of these two providers, does the provider without working connectivity to the enterprise have mechanism in place to cease originating the address space?" Yes, BGP updates. ~Jay Murphy IP Network Specialist NM State Government IT Services Division PSB - IP Network Management Center Santa Fé, New México 87505 Bus. Ph.: 505.827.2851 "We move the information that moves your world." "Good engineering demands that we understand what we're doing and why, keep an open mind, and learn from experience." "Engineering is about finding the sweet spot between what's solvable and what isn't." Radia Perlman P Please consider the environment before printing e-mail Confidentiality Notice: This e-mail, including all attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited unless specifically provided under the New Mexico Inspection of Public Records Act. If you are not the intended recipient, please contact the sender and destroy all copies of this message. -- This email has been scanned by the Sybari - Antigen Email System.
On 2010.06.07 17:59, Murphy, Jay, DOH wrote:
"So if the enterprise loses connectivity to one of these two providers, does the provider without working connectivity to the enterprise have mechanism in place to cease originating the address space?"
Yes, BGP updates.
...again, I'm confused.
BGP updates from where to where? From how I understand the OP's original question, there is no BGP.
Hence, if one of the providers is statically routing the prefix to an interface or un-numbered as opposed to an IP address, then blackholing can occur if IP reachability is broken, but the link-layer is not. Is this not correct?
Steve
Perhaps the providers BGP is just being fed from interface anchored static routes which will, hopefully, drop out if the customer facing interface goes down.
Of course, this is realistic if we're talking about actual circuits like a T-1, not so much if we're talking metro ethernet or something...
On Mon, Jun 7, 2010 at 6:38 PM, Steve Bertrand <steve@ipv6canada.com> wrote:
On 2010.06.07 17:59, Murphy, Jay, DOH wrote:
"So if the enterprise loses connectivity to one of these two providers,
does the provider without working connectivity to the enterprise have mechanism in place to cease originating the address space?"
Yes, BGP updates.
...again, I'm confused.
BGP updates from where to where? From how I understand the OP's original question, there is no BGP.
Hence, if one of the providers is statically routing the prefix to an interface or un-numbered as opposed to an IP address, then blackholing can occur if IP reachability is broken, but the link-layer is not. Is this not correct?
Steve
Right on...
~Jay Murphy
From: dorn@hetzel.org [mailto:dorn@hetzel.org] On Behalf Of Dorn Hetzel
Sent: Monday, June 07, 2010 4:41 PM
To: Steve Bertrand
Cc: Murphy, Jay, DOH; nanog@nanog.org
Subject: Re: Strange practices?
Perhaps the providers BGP is just being fed from interface anchored static routes which will, hopefully, drop out if the customer facing interface goes down. Of course, this is realistic if we're talking about actual circuits like a T-1, not so much if we're talking metro ethernet or something...
On Mon, Jun 7, 2010 at 6:38 PM, Steve Bertrand <steve@ipv6canada.com> wrote:
On 2010.06.07 17:59, Murphy, Jay, DOH wrote:
"So if the enterprise loses connectivity to one of these two providers, does the provider without working connectivity to the enterprise have mechanism in place to cease originating the address space?"
Yes, BGP updates.
...again, I'm confused.
BGP updates from where to where? From how I understand the OP's original question, there is no BGP.
Hence, if one of the providers is statically routing the prefix to an interface or un-numbered as opposed to an IP address, then blackholing can occur if IP reachability is broken, but the link-layer is not. Is this not correct?
Steve
Steve,
We are obviously interpreting this in different slants.
Definition of Transit service: for example, AS200 is said to receive transit service from, let's say AS3356, if through this connection, AS200 receives connectivity to the entire Internet and not only AS3356 and its customers.
Yes I understand the customer is using static, however, some providers use BGP, and they use BGP to peer with other ISPs, that's it.
~Jay Murphy
-----Original Message-----
From: Steve Bertrand [mailto:steve@ipv6canada.com]
Sent: Monday, June 07, 2010 4:38 PM
To: Murphy, Jay, DOH
Cc: Dale Cornman; nanog@nanog.org
Subject: Re: Strange practices?
On 2010.06.07 17:59, Murphy, Jay, DOH wrote:
"So if the enterprise loses connectivity to one of these two providers, does the provider without working connectivity to the enterprise have mechanism in place to cease originating the address space?"
Yes, BGP updates.
...again, I'm confused.
BGP updates from where to where? From how I understand the OP's original question, there is no BGP.
Hence, if one of the providers is statically routing the prefix to an interface or un-numbered as opposed to an IP address, then blackholing can occur if IP reachability is broken, but the link-layer is not. Is this not correct?
Steve
On 2010.06.07 18:48, Murphy, Jay, DOH wrote:
Steve,
We are obviously interpreting this in different slants.
Agreed ;)
Definition of Transit service: for example, AS200 is said to receive transit service from, let's say AS3356, if through this connection, AS200 receives connectivity to the entire Internet and not only AS3356 and its customers.
Yes. The OP has transit through two separate ISPs. Neither of which provide him a BGP session, because one of the providers doesn't seem willing/capable to do so, even though the ISP who is responsible for the space has provided the other with an LOA to allow the prefix to originate from their ASN. Essentially, the OP is transiting through both ISPs, but not providing any transit services, and the transit path is provided via static routes as opposed to dynamic ones.
Yes I understand the customer is using static, however, some providers use BGP, and they use BGP to peer with other ISPs,
s/some/real
...and not only for peering, but for transit (to the DFZ) as well.
that's it.
I have had a couple discussions with people off list.
Although I don't know the reasoning for the OP's ISP's decision to not use BGP, in cases that I've dealt with this, it is usually due to lack of clue on how to use private ASs, or BGP in general. These ISPs (in my experience) have their DFZ-facing sessions set up by their upstreams, and don't have the knowledge to configure BGP toward the clients.
Personally, if this is the case, then I'd be just as concerned with their ability to ensure that a proper configuration to auto-detect failure that causes removal of the prefix from their tables to avoid blackholes. With that said, I'd also be just as concerned with their BGP troubleshooting and filtering abilities if they were to offer a session.
Some of the smaller ISPs that fit this bill will actually allow you to work with them and provide them advice along the way, if not even contract the client as a consultant to ensure that this new-to-them setup is documented properly so it can be re-used with other clients.
Also, I'm sure that it would be more work to co-ordinate the efforts for a static setup like this between two providers than it would be to just set up BGP. More documentation (and unnecessary static routes too).
Steve
On Mon, Jun 7, 2010 at 14:59, Murphy, Jay, DOH <Jay.Murphy@state.nm.us> wrote:
"So if the enterprise loses connectivity to one of these two providers, does the provider without working connectivity to the enterprise have mechanism in place to cease originating the address space?" Yes, BGP updates.
Um, it wasn't a trick question Jay, and as others have stated, since the providers are statically routing this address space to their common customer, this would require a coordinated effort to manually (or preferably automatically) shutdown the advertisement should connectivity be lost to the customer. There are a number of ways that could be achieved, but it's obviously important that it is.
-Bill
Yes, I understand this point. So, elaborate on the answer... I am not making something simple, complex, homey.
~Jay Murphy
-----Original Message-----
From: Bill Fehring [mailto:lists@billfehring.com]
Sent: Monday, June 07, 2010 4:42 PM
To: Murphy, Jay, DOH
Cc: Dale Cornman; nanog@nanog.org
Subject: Re: Strange practices?
On Mon, Jun 7, 2010 at 14:59, Murphy, Jay, DOH <Jay.Murphy@state.nm.us> wrote:
"So if the enterprise loses connectivity to one of these two providers, does the provider without working connectivity to the enterprise have mechanism in place to cease originating the address space?" Yes, BGP updates.
Um, it wasn't a trick question Jay, and as others have stated, since the providers are statically routing this address space to their common customer, this would require a coordinated effort to manually (or preferably automatically) shutdown the advertisement should connectivity be lost to the customer. There are a number of ways that could be achieved, but it's obviously important that it is.
-Bill
Bill Fehring wrote:
On Mon, Jun 7, 2010 at 14:59, Murphy, Jay, DOH <Jay.Murphy@state.nm.us> wrote:
"So if the enterprise loses connectivity to one of these two providers, does the provider without working connectivity to the enterprise have mechanism in place to cease originating the address space?" Yes, BGP updates.
Um, it wasn't a trick question Jay, and as others have stated, since the providers are statically routing this address space to their common customer, this would require a coordinated effort to manually (or preferably automatically) shutdown the advertisement should connectivity be lost to the customer. There are a number of ways that could be achieved, but it's obviously important that it is.
-Bill
Not necessarily: the way that I have seen this implemented the upstreams rely upon the static -- or sometimes connected -- route being pulled from the route table if the interface goes down. Once pulled from the table it drops out of IGP and then from the eBGP announcement. It is -- without a doubt -- a crappy solution as it doesn't deal with things like looped circuits, bad encapsulations, etc....
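[Added example, not part of any message in this thread and not any participant's configuration.] One way a provider could make the static origination discussed above withdraw itself when IP reachability to the customer is lost while the link layer stays up, shown next to the interface-anchored form. Cisco IOS syntax is an assumption (the thread names no vendor); the prefix 198.51.100.0/24, the customer next hop 192.0.2.2, the interface Serial0/0 and AS 64500 are documentation placeholders.

```cisco
! Constructed example. Addresses, interface name and AS number are placeholders.
!
! Weak form: static route anchored to the interface. It leaves the routing
! table only when the interface itself goes down, so a looped circuit, a bad
! encapsulation or a broken path across metro Ethernet leaves the route, and
! therefore the BGP origination, in place and traffic is blackholed.
!
! ip route 198.51.100.0 255.255.255.0 Serial0/0
!
! Tracked form: probe the customer router across the link and tie the static
! route to the probe result instead of to interface state.
ip sla 10
 icmp-echo 192.0.2.2 source-interface Serial0/0
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Damp flaps: wait 15 s before declaring down, 60 s before declaring up.
track 10 ip sla 10 reachability
 delay down 15 up 60
!
! The route is installed only while track object 10 is up.
ip route 198.51.100.0 255.255.255.0 192.0.2.2 track 10
!
! The network statement originates the prefix only while a matching route is
! in the routing table, so removing the tracked static withdraws the
! announcement from this provider and leaves the other provider's path.
router bgp 64500
 network 198.51.100.0 mask 255.255.255.0
```

Both providers would need an equivalent check, since each originates the prefix independently; the probe target must be an address that is reachable only across the customer link.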
participants (5)
- Bill Fehring
- Dorn Hetzel
- Murphy, Jay, DOH
- sjk
- Steve Bertrand