asymmetric routing issue on microsoft torix ix
Greetings, We have asymmetric routing issues from Microsoft TORIX connection between Microsoft and CANARIE and Microsoft and SHAW. We are sending traffic via Cybera-CANARIE-Microsoft ( SIX ) and receiving via Microsoft-Shaw-Cybera ( SIX ). if anyone from Microsoft is available please contact me offline. Regards, Samir 403.210.5382
On Thu 2019-Oct-17 14:19:54 -0600, Samir Rana <samir.rana@cybera.ca> wrote:
Greetings,
We have asymmetric routing issues from Microsoft TORIX connection between Microsoft and CANARIE and Microsoft and SHAW.
We are sending traffic via Cybera-CANARIE-Microsoft ( SIX ) and receiving via Microsoft-Shaw-Cybera ( SIX ).
And? Like, why is this a problem? Internet routing is highly asymmetrical.
if anyone from Microsoft is available please contact me offline.
Regards, Samir 403.210.5382
-- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com pgp key: B178313E | also on Signal
So, I'm gonna go out on a bit of a limb here, though I don't think by much. I wasn't aware, but CANARIE is an NREN, so probably you get cheap/free transit through that, versus some greater transit rate via Shaw. You can decide your own outbound policy, but you can't really wield that influence over inbound. In some cases maybe the far end network may have incentive to play along and tweak their routing policy, but I somewhat doubt Microsoft would maintain special routing policy just for you. So you are left with your regular inbound influence bag of tricks, e.g. prepending towards Shaw. If your upstream is a bit more feature-rich they may have some control communities you can use to influence how they advertise your prefixes, but I don't recall Shaw having anything as fine grained as "don't announce to this peer" like you might find on a route server. Prepending is a bit of a bigger hammer, though, as it affects the advertisements to any Shaw peers/customers Others may chime in with others possible inbound TE tricks, but nothing would beat e.g. getting a port at torix or SIX (you mentioned both) yourself and just peering with Microsoft directly. On October 17, 2019 2:06:53 p.m. PDT, Hugo Slabbert <hugo@slabnet.com> wrote:
On Thu 2019-Oct-17 14:19:54 -0600, Samir Rana <samir.rana@cybera.ca> wrote:
Greetings,
We have asymmetric routing issues from Microsoft TORIX connection between Microsoft and CANARIE and Microsoft and SHAW.
We are sending traffic via Cybera-CANARIE-Microsoft ( SIX ) and receiving via Microsoft-Shaw-Cybera ( SIX ).
And? Like, why is this a problem? Internet routing is highly asymmetrical.
if anyone from Microsoft is available please contact me offline.
Regards, Samir 403.210.5382
-- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com pgp key: B178313E | also on Signal
So you are left with your regular inbound influence bag of tricks, e.g. prepending towards Shaw.
the primary inbound steering tool is selective advertisement of sub-prefixes
i was shocked that the prepending presentation at ripe79 was blind to this
btw the ripe79 preso, https://ripe79.ripe.net/wp-content/uploads/presentations/64-prepending_mador..., did a good job of showing how prepending presents an attack surface. randy
participants (3)
-
Hugo Slabbert
-
Randy Bush
-
Samir Rana