Consequences of BGP Peering with Private Addresses
Hey All,

So we're running out of peering space in our /24 and we were considering using private /30's for new peerings. Are there any horrific consequences to picking up this practice?

Cheers,
James
On Jun 15, 2011, at 12:47 PM, James Grace wrote:
So we're running out of peering space in our /24 and we were considering using private /30's for new peerings. Are there any horrific consequences to picking up this practice?
"Horrific"? How about: "Most peers won't bring up a session."

What happens if the peer is using 1918 space internally?

--
TTFN,
patrick
i guess you have a lot of ibgp sessions ..........:-)

bgp finite state model
http://www.inetdaemon.com/tutorials/internet/ip/routing/bgp/operation/finite...
http://docs.google.com/viewer?a=v&q=cache:C5Rq3DV63akJ:citeseerx.ist.psu.edu/viewdoc/download%3Fdoi%3D10.1.1.71.3908%26rep%3Drep1%26type%3Dpdf+BGP+finite+machine&hl=en&gl=uk&pid=bl&srcid=ADGEESiwviFqLXrhPybI3RwpVftr_qlgTSZbIzw2b6rlIEAKE8pqIN-D_2BpJIDacMx18AVSBpZtVAYLoPiUcsLbzDOVAcH9whrXJqB8zFm6R7ImuKNoC8dkYD_OHliYNrldoLGde9Hc&sig=AHIEtbQa0Typ1WE3rB9ztWZaYFIA8t-mag
http://tools.ietf.org/html/rfc4271
On 15/06/2011 17:47, James Grace wrote:
So we're running out of peering space in our /24 and we were considering using private /30's for new peerings. Are there any horrific consequences to picking up this practice?
yes. it causes nasty problems if you use urpf (as you should), in particular with pmtu discovery and traceroute.

Nick
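Added example (not part of the original thread or any poster's code): a small Python model of the failure described in the message above. ICMP errors used by traceroute and path MTU discovery are sourced from a router interface address, so a receiver applying uRPF with no route to RFC 1918 space drops them. The FIB, interface names and addresses are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed FIB of a remote network that receives the ICMP error.
# Documentation prefixes stand in for public routes; nothing covers
# RFC 1918 space, and the default route is ignored by the uRPF check.
FIB = [
    ("198.51.100.0/24", "transit0"),
    ("203.0.113.0/24", "peer0"),
    ("0.0.0.0/0", "transit0"),
]

def best_route(src):
    """Longest-prefix match on src, skipping the default route."""
    addr = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(p), ifname) for p, ifname in FIB
            if addr in ipaddress.ip_network(p) and not p.endswith("/0")]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def urpf_accepts(src, in_if, mode):
    """strict: best route to src must point back out in_if.
    loose: any non-default route to src is enough."""
    route = best_route(src)
    if route is None:
        return False
    return mode == "loose" or route[1] == in_if

def audit(link_addrs, in_if="transit0"):
    """ICMP 'time exceeded' and 'fragmentation needed' carry a router
    interface address as source, so uRPF is evaluated on that address."""
    report = {}
    for a in link_addrs:
        ip = ipaddress.ip_address(a)
        report[a] = {
            "rfc1918": any(ip in n for n in RFC1918),
            "strict": urpf_accepts(a, in_if, "strict"),
            "loose": urpf_accepts(a, in_if, "loose"),
        }
    return report

if __name__ == "__main__":
    # Constructed link addresses: private /30, public /30, public via peer.
    for addr, r in audit(["10.255.0.1", "198.51.100.1", "203.0.113.9"]).items():
        print(addr, r)
```

The private link address fails both modes because no route covers it, which is why hops numbered from RFC 1918 space go missing from traceroute and "fragmentation needed" messages never reach the sender.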
On Wed, Jun 15, 2011 at 9:47 AM, James Grace <james@cs.fiu.edu> wrote:
Hey All,
So we're running out of peering space in our /24 and we were considering using private /30's for new peerings. Are there any horrific consequences to picking up this practice?
You can reclaim space by switching your peerings to /31s where possible.

If you go down the private space route, make sure you and your peers know about "next hop self"

Cameron
IPv4? IPv6? are you planning to do NAT or PAT? Are you using a bogus ASN 64512 through 65534 to be used for private purposes?

/30 -> 4 addresses/2 hosts -> you can't do a mesh configuration w/ that subnet mask..........
On Wed, Jun 15, 2011 at 12:47 PM, James Grace <james@cs.fiu.edu> wrote:
So we're running out of peering space in our /24 and we were considering using private /30's for new peerings. Are there any horrific consequences to picking up this practice?
I agree with other posters that this is not a good practice. Is it somehow not possible for you to obtain additional address space? Can you not use neighbor-assigned /30s more frequently to avoid exhausting your existing allocation?

For eBGP neighbors, I would sooner use non-unique /30s than utilize RFC1918 space. While this would not allow for correct reverse DNS, and traceroute would be less obvious, it has fewer disadvantages than assigning RFC1918 for your peer link-nets. You will need to re-write next-hop towards iBGP neighbors, though (using next-hop-self or translating to internal numbers for routing protocol use) and you should not re-use the same /30 twice on the same ASBR.

This may sound crazy, and it is certainly not an ideal way of doing things; but it is an alternative worth consideration as networks exhaust their available IPv4.

--
Jeff S Wheeler <jsw@inconcepts.biz>
Sr Network Operator / Innovative Network Concepts
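Added example (not from the thread or any poster's code): a Python model of why next-hop rewriting is needed when eBGP link-nets are non-unique or private, plus a check for the same /30 appearing twice on one ASBR. The topology, router names, addresses and the assumption that link-nets are not carried in the IGP are constructed.

```python
import ipaddress
from collections import Counter

# Constructed topology: two ASBRs reuse one non-unique link-net for
# different eBGP peers, and asbr2 (wrongly) uses it twice.
LINKS = [  # (asbr, asbr_loopback, link_net, peer_addr, prefix_learned)
    ("asbr1", "198.51.100.1", "192.0.2.0/30", "192.0.2.2", "203.0.113.0/25"),
    ("asbr2", "198.51.100.2", "192.0.2.0/30", "192.0.2.2", "203.0.113.128/25"),
    ("asbr2", "198.51.100.2", "192.0.2.0/30", "192.0.2.2", "203.0.113.64/26"),
]
IGP = ["198.51.100.0/24"]  # assumption: loopbacks only, no link-nets

def ibgp_updates(next_hop_self):
    """Routes as an internal router receives them over iBGP."""
    return [{"prefix": pfx, "from": asbr,
             "next_hop": loop if next_hop_self else peer}
            for asbr, loop, _net, peer, pfx in LINKS]

def resolvable(next_hop):
    """A BGP route is usable only if its next hop resolves in the IGP."""
    nh = ipaddress.ip_address(next_hop)
    return any(nh in ipaddress.ip_network(p) for p in IGP)

def usable_prefixes(next_hop_self):
    return sorted(u["prefix"] for u in ibgp_updates(next_hop_self)
                  if resolvable(u["next_hop"]))

def ambiguous_next_hops(next_hop_self):
    """A next hop announced by more than one ASBR cannot identify the exit."""
    seen = {}
    for u in ibgp_updates(next_hop_self):
        seen.setdefault(u["next_hop"], set()).add(u["from"])
    return sorted(nh for nh, asbrs in seen.items() if len(asbrs) > 1)

def reused_on_same_asbr():
    """Flag any link-net configured more than once on a single ASBR."""
    counts = Counter((asbr, net) for asbr, _l, net, _p, _x in LINKS)
    return sorted(k for k, n in counts.items() if n > 1)

if __name__ == "__main__":
    for nhs in (False, True):
        print("next-hop-self" if nhs else "unchanged next hop",
              usable_prefixes(nhs), ambiguous_next_hops(nhs))
    print("reused on same ASBR:", reused_on_same_asbr())
```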
From: Jeff Wheeler [jsw@inconcepts.biz]
This may sound crazy, and it is certainly not an ideal way of doing things; but it is an alternative worth consideration as networks exhaust their available IPv4.
I have not followed this whole thread, but did anybody suggest just using IPv6 for this?

--
Leigh Porter
On Thu, 2011-06-16 at 11:30 +0000, Leigh Porter wrote:
I have not followed this whole thread, but did anybody suggest just using IPv6 for this?
I was going to mention this, but it's only the neighbor address that is IPv6. You still need an IPv4 next-hop and that is where the issue is in using RFC1918 within this scenario.

Tom
And that will teach me not to read the thread!

--
Leigh
Also absent from this discussion is that the RIRs are still issuing address space, and interface addressing is perfectly reasonable justification.

-a
On 6/15/11 5:47 PM, James Grace wrote:
So we're running out of peering space in our /24 and we were considering using private /30's for new peerings. Are there any horrific consequences to picking up this practice?
This might summarize it nicely. http://www.ietf.org/id/draft-kirkham-private-ip-sp-cores-04.txt

-gaurab
--
http://www.gaurab.org.np/
On Jun 15, 2011, at 12:47 PM, James Grace wrote:
Are there any horrific consequences to picking up this practice?
<http://tools.ietf.org/html/draft-kirkham-private-ip-sp-cores-04>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

The basis of optimism is sheer terror.

-- Oscar Wilde
participants (11)
- Adam Rothschild
- Cameron Byrne
- Dobbins, Roland
- Gaurab Raj Upadhaya
- isabel dias
- James Grace
- Jeff Wheeler
- Leigh Porter
- Nick Hilliard
- Patrick W. Gilmore
- Tom Hill