Hi, I have a general policy question. Do the ISPs ever look for some particular AS number in the BGP AS_PATH and then decide what action/preference/priority they need to take/give based on the AS number(s) present in the BGP AS_PATH_SEQ/SET? For instance, does it happen that an ISP receives some BGP paths, but because of some political, social, economical, DOS attack, etc. reasons decides that it doesn't want to accept this path because some particular AS number is present in the BGP UPDATE. Basically, it doesn't want *its* traffic to flow via that particular AS number(s). Or, if there is a mutual disagreement between two ISPs, and one doesn't want his traffic to traverse the other's AS number. Does this sort of thing ever happen? Are such restrictive policies normal in the ISP/IX scenarios? Thanks, Tulip
yes. On Thu, Sep 09, 2004 at 09:58:52AM +0530, Tulip Rasputin wrote:
Hi,
I have a general policy question.
Do the ISPs ever look for some particular AS number in the BGP AS_PATH and then decide what action/preference/priority they need to take/give based on the AS number(s) present in the BGP AS_PATH_SEQ/SET? For instance, does it happen that an ISP receives some BGP paths, but because of some political, social, economical, DOS attack, etc. reasons decides that it doesn't want to accept this path because some particular AS number is present in the BGP UPDATE.
Basically, it doesn't want *its* traffic to flow via that particular AS number(s).
Or, if there is a mutual disagreement between two ISPs, and one doesn't want his traffic to traverse the other's AS number.
Does this sort of thing ever happen? Are such restrictive policies normal in the ISP/IX scenarios?
Thanks, Tulip
So can you give me an example of why and when would an ISP *not* want its traffic to flow via some other AS(es). Is it a normal policy to have, and do most of the ISPs have such policies in place? Thanks, Tulip ----- Original Message ----- From: <bmanning@vacation.karoshi.com> To: "Tulip Rasputin" <tulip_rasputin@yahoo.ca> Cc: <nanog@merit.edu> Sent: Thursday, September 09, 2004 10:07 AM Subject: Re: ISP Policies
yes.
On Thu, Sep 09, 2004 at 09:58:52AM +0530, Tulip Rasputin wrote:
Hi,
I have a general policy question.
Do the ISPs ever look for some particular AS number in the BGP AS_PATH and then decide what action/preference/priority they need to take/give based on the AS number(s) present in the BGP AS_PATH_SEQ/SET? For instance, does it happen that an ISP receives some BGP paths, but because of some political, social, economical, DOS attack, etc. reasons decides that it doesn't want to accept this path because some particular AS number is present in the BGP UPDATE.
Basically, it doesn't want *its* traffic to flow via that particular AS number(s).
Or, if there is a mutual disagreement between two ISPs, and one doesn't want his traffic to traverse the other's AS number.
Does this sort of thing ever happen? Are such restrictive policies normal in the ISP/IX scenarios?
Thanks, Tulip
Tulip Rasputin wrote:
So can you give me an example of why and when would an ISP *not* want its traffic to flow via some other AS(es). Is it a normal policy to have, and do most of the ISPs have such policies in place?
If you don't have a transit agreement and aren't sitting in the top tier peering list, you will not want traffic to flow via some other AS(es) as they may be blocking your advertisements inbound. This is really a "tier" question. Most end-node ASNs you will find do not want to provide transit traffic between their upstream ISPs (asking for trouble and bandwidth saturation) or at least make it a short-term emergency act of altruism. You may have "dedicated" circuits or bandwidth or CIRs for certain services from YOUR ASN only. They may not accept traffic that doesn't originate in your ASN and you're wasting time to try. Part marketing, part business, part political as what transit you will support (and what transit your upstream(s) support). In more practical terms, we have dedicated circuits for H.323 video, an IPSec link to our parent campus with the university-wide SAP/R3 traffic, another link restricted to ESNet (immediate peers only). For a commercial ISP your mileage may vary as you are, above a certain level, providing transit between different administrative domains (or ASNs, or whatever). You can do this with statics, with policy routing (or null routing), or in a local OSPF or whatever routing mechanism you have at your border. Jeff
Once upon a career, I was involved with shipping cargo via ocean vessel to Kuwait (and other Arab countries). We had to provide signed affadavits from the ships owners that the carrying vessels were neither Israeli owned nor would call any Israeli ports during the voyage. If Arab countries' ISP's were to follow the same political philosophy, I could see them filtering accordingly. In short, politics. Is it 'normal'? Boy, is that a loaded question ;) --Peter Wohlers Tulip Rasputin wrote:
So can you give me an example of why and when would an ISP *not* want its traffic to flow via some other AS(es). Is it a normal policy to have, and do most of the ISPs have such policies in place?
Thanks, Tulip
----- Original Message ----- From: <bmanning@vacation.karoshi.com> To: "Tulip Rasputin" <tulip_rasputin@yahoo.ca> Cc: <nanog@merit.edu> Sent: Thursday, September 09, 2004 10:07 AM Subject: Re: ISP Policies
yes.
On Thu, Sep 09, 2004 at 09:58:52AM +0530, Tulip Rasputin wrote:
Hi,
I have a general policy question.
Do the ISPs ever look for some particular AS number in the BGP AS_PATH and then decide what action/preference/priority they need to take/give based on the AS number(s) present in the BGP AS_PATH_SEQ/SET? For instance, does it happen that an ISP receives some BGP paths, but because of some political, social, economical, DOS attack, etc. reasons decides that it doesn't want to accept this path because some particular AS number is present in the BGP UPDATE.
Basically, it doesn't want *its* traffic to flow via that particular AS number(s).
Or, if there is a mutual disagreement between two ISPs, and one doesn't want his traffic to traverse the other's AS number.
Does this sort of thing ever happen? Are such restrictive policies normal in the ISP/IX scenarios?
Thanks, Tulip
-- ***************** * Peter Wohlers * *pedro@whack.org* *****************
On Thu, 9 Sep 2004, Tulip Rasputin wrote:
Hi,
I have a general policy question.
Do the ISPs ever look for some particular AS number in the BGP AS_PATH and then decide what action/preference/priority they need to take/give based on the AS number(s) present in the BGP AS_PATH_SEQ/SET?
This happens all the time, but probably not quite the way you asked about it. What does happen is that that preference for outgoing traffic is decided based on the AS path, I use this extensively and most of my route-maps are using "match as-path" for deciding which upstream link to send traffic to. And really what else do you expect multihomed downstream isp to do if one upstream is known to have congestion on their link to another tier1 but your other upsream does not have the same problem on their link to the same tier1?
For instance, does it happen that an ISP receives some BGP paths, but because of some political, social, economical, DOS attack, etc. reasons decides that it doesn't want to accept this path because some particular AS number is present in the BGP UPDATE.
BGP based filters also exist, but there appear to be no rules about when its good to set it up, so its quite rare and entire up to engineer at isp to decide if he wants to do as-path based filter or access-list based filter. And while I've never seen any discussion about it, I know that some people mentioned that they have done it to some known spammer as##. But much more common is to use access-list and do filters based on ip blocks. And you're correct that some people have used it during DoS attacks for quick filtering until they could fully discuss it with isp in question. Usually again you'd use access-list and filter particular ip block, but if bad traffic appears to be coming from multiple ip blocks all from the same isp, its quicker to just filter it entirely until situation is resolved.
Basically, it doesn't want *its* traffic to flow via that particular AS number(s). Or, if there is a mutual disagreement between two ISPs, and one doesn't want his traffic to traverse the other's AS number.
Does this sort of thing ever happen? Are such restrictive policies normal in the ISP/IX scenarios?
They are not "normal", but does happen. You really can't force somebody else to accept your traffic if they dont want to. So you should behave nice to your fellow isps and only send good traffic and have good customers and then nobody would want to filter you :) -- William Leibzon Elan Networks william@elan.net
participants (5)
-
bmanning@vacation.karoshi.com -
Jeff Kell -
Peter Wohlers -
Tulip Rasputin -
william(at)elan.net