Greetings NANOG,

Was hoping to gain some insight into common practice with using BGP Communities downstream.

For instance: We peer with AS100 (example) AS100 peers with TW Telecom (AS4323). Since I happen to know that AS100 doesn't sanitize the communities I send with my routes. I can take advantage of TW Telecom's BGP communities for traffic engineering. Such as 4323:666 (Keep in TWTC Backbone). Would this be something that is generally frowned upon? Still under the assumption that the communities aren't scrubbed off my routes. Could I do this with other AS's beyond TW Telecom? Such as TW's peering with Global Crossing (AS3549)?

Nick Olsen
Network Operations
(855) FLSPEED x106
On Tuesday, 10 May 2011 at 17:52 -0400, Nick Olsen wrote:
> Greetings NANOG, Was hoping to gain some insight into common practice with using BGP Communities downstream.
>
> For instance: We peer with AS100 (example) AS100 peers with TW Telecom (AS4323). Since I happen to know that AS100 doesn't sanitize the communities I send with my routes. I can take advantage of TW Telecom's BGP communities for traffic engineering. Such as 4323:666 (Keep in TWTC Backbone). Would this be something that is generally frowned upon? Still under the assumption that the communities aren't scrubbed off my routes. Could I do this with other AS's beyond TW Telecom? Such as TW's peering with Global Crossing (AS3549)?

It's quite common, in my experience, that we remove (or at least filter; usually looking at geo-origin ones only) BGP community values from peers and filter them (modulo some set of agreed ones) from customers. In other words, don't generally expect transitivity.

mh

> Nick Olsen Network Operations (855) FLSPEED x106
On Tue, May 10, 2011 at 05:52:39PM -0400, Nick Olsen wrote:
> Greetings NANOG, Was hoping to gain some insight into common practice with using BGP Communities downstream.
>
> For instance: We peer with AS100 (example) AS100 peers with TW Telecom (AS4323). Since I happen to know that AS100 doesn't sanitize the communities I send with my routes. I can take advantage of TW Telecom's BGP communities for traffic engineering. Such as 4323:666 (Keep in TWTC Backbone). Would this be something that is generally frowned upon? Still under the assumption that the communities aren't scrubbed off my routes. Could I do this with other AS's beyond TW Telecom? Such as TW's peering with Global Crossing (AS3549)?
Well first off, if you're using the words "peers with" in the normal sense, your routes would never propagate to AS4323 in the first place. Assuming what you actually mean is that at least one of those sessions is a transit feed, essentially all (non-stupid) networks will filter their own TE communities from their transits/peers, so the odds of this working are almost non-existent.

You also have about a 50/50 shot of AS100 stripping your communities before they even make it to AS4323 (or any other network). Personally my belief is that this is a bad thing, and you should only filter communities in your own name-space (i.e. $YOURASN:*), but this doesn't stop a large number of obnoxious networks from doing it anyways. :)

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
On Tue, 10 May 2011, Nick Olsen wrote:
> Was hoping to gain some insight into common practice with using BGP Communities downstream.
Generally, the transitive BGP attribute you have the most direct control over is AS_PATH, though it's not impossible for a provider to munge the AS_PATH on routes they receive from their transits and peers, beyond your control.

Some providers might have communities that let you pass things along to their transit providers and peers, or influence traffic patterns / route propagation. For example, if I buy transit from ISP X, and they get transit from Level3 and Sprint, they might offer a community that lets me selectively prepend to Sprint (or Level3), so I can affect how traffic flows to my network.

In your example, AS100 might have a community that you can set on your announcements that will cause them to set 4323:666 on that prefix when it's passed to TWTC. If they don't offer a community, then doing what you're looking for would require one of their network people to put something manual in place. Many large networks don't like to (or won't) do that because one-off requests don't scale very well, and it can add complexity when troubleshooting a connectivity problem, or when someone fat-fingers an access-list/distribute-list/prefix-list.

This varies greatly, based on the level of control your direct BGP neighbors are willing or able to offer to you. Also, in general, the farther away a network is from you (in terms of AS hops), the less likely you are to have control over how they propagate and act upon your announcements.

jms
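The ingress filtering that Michael Hallgren's and Richard Steenbergen's replies describe, as an added sketch that is not part of the original thread. The policy names, the session model and the community 64512:100 are assumptions made for illustration, not any operator's real configuration.

```python
# Added illustration: community scrubbing at each AS hop, as described in the replies.
# Policy names and the "agreed" set are assumptions, not a real network's policy.

def parse(c):
    """'4323:666' -> (4323, 666); rejects values outside the two 16-bit fields."""
    asn, val = (int(x) for x in c.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= val <= 0xFFFF):
        raise ValueError(f"not a standard community: {c}")
    return asn, val

def ingress(local_asn, session, policy, communities, agreed=frozenset()):
    """Return the communities a network keeps on a route learned over `session`.

    session: 'customer', 'peer' or 'transit' (who the route was learned from)
    policy:  'none'   - no sanitising (the AS100 of the question)
             'own-ns' - drop local_asn:* on routes from peers/transits
             'strict' - drop everything from peers/transits; from
                        customers keep only the agreed set
    """
    comms = {parse(c) for c in communities}
    if policy == "none":
        kept = comms
    elif policy == "own-ns":
        kept = {c for c in comms
                if not (c[0] == local_asn and session in ("peer", "transit"))}
    elif policy == "strict":
        kept = comms & {parse(c) for c in agreed} if session == "customer" else set()
    else:
        raise ValueError(f"unknown policy: {policy}")
    return sorted(f"{a}:{v}" for a, v in kept)

def propagate(communities, hops):
    """Apply each hop's ingress policy in order; return (asn, kept) per hop."""
    trace = []
    for hop in hops:
        communities = ingress(communities=communities, **hop)
        trace.append((hop["local_asn"], communities))
    return trace

# Constructed route: tagged with 4323:666 plus a made-up private-ASN community.
ROUTE = ["4323:666", "64512:100"]

if __name__ == "__main__":
    hops = [dict(local_asn=100, session="customer", policy="none"),
            dict(local_asn=4323, session="peer", policy="own-ns")]
    for asn, kept in propagate(ROUTE, hops):
        print(f"AS{asn} keeps {kept}")
```
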
participants (4)
- Justin M. Streiner
- Michael Hallgren
- Nick Olsen
- Richard A Steenbergen