You can use one AS and communities to seperate your traffic/policies. -jim ------Original Message------ From: Ryan Finnesey To: NANOG list Subject: regional ASN's Sent: Dec 1, 2010 1:13 PM I see various people are recommending networks setup regional ASN's. I am in the process of setting up a new network which will serve as a transit network for all our operating units. I was planning on using one ASN for North America, Asia and Europe. Is this not recommended? Cheers Ryan Sent from my BlackBerry device on the Rogers Wireless Network
Le mercredi 01 décembre 2010 à 17:31 +0000, deleskie@gmail.com a écrit :
You can use one AS and communities to seperate your traffic/policies.
Or other iBGP means of internal separation, like BGP confederations (in order to avoid iBGP session hacks). mh
-jim ------Original Message------ From: Ryan Finnesey To: NANOG list Subject: regional ASN's Sent: Dec 1, 2010 1:13 PM
I see various people are recommending networks setup regional ASN's. I am in the process of setting up a new network which will serve as a transit network for all our operating units. I was planning on using one ASN for North America, Asia and Europe. Is this not recommended?
Cheers Ryan
Sent from my BlackBerry device on the Rogers Wireless Network
On Dec 1, 2010, at 4:30 PM, Michael Hallgren wrote:
Le mercredi 01 décembre 2010 à 17:31 +0000, deleskie@gmail.com a écrit :
You can use one AS and communities to seperate your traffic/policies.
Or other iBGP means of internal separation, like BGP confederations (in order to avoid iBGP session hacks).
Or just have disparate networks using the same ASN. Works fine. Why waste ASNs and try to explain to others how asX,Y,Z, etc., are all the same company? -- TTFN, patrick
------Original Message------ From: Ryan Finnesey To: NANOG list Subject: regional ASN's Sent: Dec 1, 2010 1:13 PM
I see various people are recommending networks setup regional ASN's. I am in the process of setting up a new network which will serve as a transit network for all our operating units. I was planning on using one ASN for North America, Asia and Europe. Is this not recommended?
Cheers Ryan
Sent from my BlackBerry device on the Rogers Wireless Network
On 12/1/2010 3:37 PM, Patrick W. Gilmore wrote:
Or just have disparate networks using the same ASN. Works fine.
Why waste ASNs and try to explain to others how asX,Y,Z, etc., are all the same company?
I dislike the problem of routes not being accepted with my ASN in it. There's workarounds, but they are all ugly. Jack
On Dec 1, 2010, at 4:43 PM, Jack Bates wrote:
On 12/1/2010 3:37 PM, Patrick W. Gilmore wrote:
Or just have disparate networks using the same ASN. Works fine.
Why waste ASNs and try to explain to others how asX,Y,Z, etc., are all the same company?
I dislike the problem of routes not being accepted with my ASN in it. There's workarounds, but they are all ugly.
Having islands which point default is not ugly. They are probably pointing default anyway. If not, typing "nei $FOO allowas-in" is also not ugly, IMHO. But your network, your decision. Mine runs fine like that. -- TTFN, patrick
On 12/1/2010 3:56 PM, Patrick W. Gilmore wrote:
Having islands which point default is not ugly. They are probably pointing default anyway.
If all sites strictly do default, fine. However, one could say static routing would work fine there too; and then you don't need an ASN. If each site is multihomed (the usual reason to run BGP), you might want to see the routes to apply appropriate traffic policies to them.
If not, typing "nei $FOO allowas-in" is also not ugly, IMHO.
Works, but you usually need to be careful when utilizing that method to prevent loops.
But your network, your decision. Mine runs fine like that.
I'm surprised that you left out the obvious workaround and depending on the traffic, the most appropriate model (leaving workaround status), create an encrypted channel between the networks and run iBGP over it. Jack
On Dec 1, 2010, at 5:05 PM, Jack Bates wrote:
On 12/1/2010 3:56 PM, Patrick W. Gilmore wrote:
Having islands which point default is not ugly. They are probably pointing default anyway.
If all sites strictly do default, fine. However, one could say static routing would work fine there too; and then you don't need an ASN. If each site is multihomed (the usual reason to run BGP), you might want to see the routes to apply appropriate traffic policies to them.
Just because you have one transit doesn't mean you shouldn't do BGP. Consider the router at an exchange point with 100+ peers and one transit, for instance.
If not, typing "nei $FOO allowas-in" is also not ugly, IMHO.
Works, but you usually need to be careful when utilizing that method to prevent loops.
There is always a "you usually need to be careful" with any implementation, including a network without islands. If this is, for instance, a bunch of remote offices with a single router & two upstreams each, there is zero risk of routing loops. Otherwise, there are always considerations, whatever your topology choice.
But your network, your decision. Mine runs fine like that.
I'm surprised that you left out the obvious workaround and depending on the traffic, the most appropriate model (leaving workaround status), create an encrypted channel between the networks and run iBGP over it.
If you think you need to be careful with allowas-in, you need to be an order of magnitude more careful with tunnels. Plus I don't like GRE. :) -- TTFN, patrick
participants (4)
-
deleskie@gmail.com
-
Jack Bates
-
Michael Hallgren
-
Patrick W. Gilmore