A bit of sanity..Prefix based filtering != not caring about your backbone. Quite the reverse. As far as trusting bgp goes, most times you can, sometimes you can't. Prefix filtering is for the times you can't. Everybody remembers that those times happen, right?
I remember, although it is getting to be a problem with each provider having a 'not invented here' syndrome. I give Sprint a list of our prefixes in one format, MCI a list of our prefixes in another format. I'm not a big fan of centralized storage, since whois.ra.net WHOIS server doesn't seem to be responding tonight. But it would be nice if I could generate the information once, and let all the providers use it.... Gosh, I wonder what that could be.
If your AS is in an appropriate (your upstream providers) autnum, and the route object for the prefix is in the <pick the registry of your choice> things work without a phone call. When they don't work, our noc does a good job of helping to figure out what the problem is and getting it fixed.. That exception is the process Jon is in.
Exactly how this works hasn't been very clear to an outsider. I've had customers with their own AS number, who moved from one provider to another provider. I added their ASN to our AS-MACRO in the RADB and announced their AS and network prefixes. When their first provider stopped announcing the AS, the customer couldn't reach ANS. A call to the ANS NOC received a response in addition to updating the RADB we were supposed to send ANS a seperate message telling you the AS number was now being announced by our network (as indicated by the AS-MACRO). New network prefixes, and new AS numbers seem to get in Ok. But moving AS numbers still seems to be a special case. I can understand why, but it would be nice if there was some way you could let other ISPs know what the special cases are, so we don't get surprised. If this is not the case, I know I'm not alone in appreciating knowing when or not we have to send ANS a seperate note for AS number policy changes. On a related subject, is there any concern about cleaning obsolete objects out of the various routing registries? Information entropy seems out of control in most of these registries. It looks like they could use a good dose of authority control and weeding. If you aren't a library cataloger I suspect you've never heard of it. Or should we just declare the registry databases a failed experiment, and leave them as trash dumps for the archalogists to dig through. -- Sean Donelan, Data Research Associates, Inc, St. Louis, MO Affiliation given for identification not representation
From: Sean Donelan <SEAN@SDG.DRA.COM> Subject: Re: BGP & CIDR blocks
Exactly how this works hasn't been very clear to an outsider. I've had customers with their own AS number, who moved from one provider to another provider. I added their ASN to our AS-MACRO in the RADB and announced their AS and network prefixes. When their first provider stopped announcing the AS, the customer couldn't reach ANS. A call to the ANS NOC received a response in addition to updating the RADB we were supposed to send ANS a seperate message telling you the AS number was now being announced by our network (as indicated by the AS-MACRO). New network prefixes, and new AS numbers seem to get in Ok. But moving AS numbers still seems to be a special case. I can understand why, but it would be nice if there was some way you could let other ISPs know what the special cases are, so we don't get surprised.
If this is not the case, I know I'm not alone in appreciating knowing when or not we have to send ANS a seperate note for AS number policy changes.
Well, the idea is that aut-nums/as-macros should take care of this case. However, I agree that there are situations where AS policy changes can be painful (ie, require a call). I also agree that isn't the way it should be. There is standards and development work going on here within ietf, so registry work isn't, by any stretch, just an ANS issue.
On a related subject, is there any concern about cleaning obsolete objects out of the various routing registries? Information entropy
There is serious concern, and this is an ongoing effort. Again, longterm fixes are in the works.. Sorry for the vagueness, but I'm no expert on the rps standards work. Perhaps those that are could comment..Or perhaps they are smarter than I. :) I will note that there is a draft concerning authentication and authorization of routing policy information, that speaks to the issue you raise..I list it below. There is also a draft on ripe181 to rps transition..I mention these only to indicate again that there is real work going on here, and to point those that want to learn more the right way. http://www.ietf.org/internet-drafts/draft-ietf-rps-auth-00.txt http://www.ietf.org/internet-drafts/draft-ietf-rps-transition-02.txt
Or should we just declare the registry databases a failed experiment, and leave them as trash dumps for the archalogists to dig through.
Well, I'm not interested, nor I suspect are many others, in taking this down the religious war path (any further than it has already gone). So I'll leave this alone. :) RobS
Rob,
Or should we just declare the registry databases a failed experiment, and leave them as trash dumps for the archalogists to dig through.
Well, I'm not interested, nor I suspect are many others, in taking this down the religious war path (any further than it has already gone).
Neither am I. Just want to point out that using the registry database for verifying AS origin in BGP is not the only possible alternative. See draft-bates-bgp4-nlri-orig-verif-00.txt for another approach. Yakov.
participants (3)
-
Rob Skrobola
-
Sean Donelan
-
Yakov Rekhter