Forgive a newbie question from a new PAIX peer... I've noticed some ISPs (BBN (*ahem* GTE), UUNET and Verio specifically) are advertising the PAIX peering network (198.32.176.0) as originating from their AS. Is this a common practice for all ISPs, or just enough to make the IX reachable? -Andy -- Andy McConnell 真向練 安堵龍 NTT America IP Headquarters First snow, then silence. This thousand dollar screen dies so beautifully. -- Haiku by Simon Firth
Andy, andym@ntt.net said:
I've noticed some ISPs (BBN (*ahem* GTE), UUNET and Verio specifically) are advertising the PAIX peering network (198.32.176.0) as originating from their AS.
Is this a common practice for all ISPs, or just enough to make the IX reachable
Normally this is up to the exchange point. Several, like LINX in the UK, have their own AS to correctly originate this. Announcing the DMZ unilaterally is not good practice. This often courses problems for some people with "unprotected" networks who carry around the next hop of routes external to their AS as the address on the DMZ and expect the DMZ route to be carried in their IGP, as if they accept a BGP route for the DMZ it will often have a better administrative weight and they will send traffic to the advertiser/leaker. Sane people protect their networks with inbound BGP filters. Many sane people also carry around loopback addresses only internally rather than DMZ's over whose announcement they have little control (on Cisco's set next-hop-self on iBGP peerings - there is little reason not to). IMHO the exchange point originating the DMZ in their own AS with defined transit arrangements for this AS *is* good practice. Others' religions may vary. -- Alex Bligh GX Networks (formerly Xara Networks)
participants (2)
-
Alex Bligh
-
Andy McConnell