Re: honoring AS-path prepend from a peer or customer?
In article <99118.183518.5014@avi.netaxs.com> you wrote:
: If a peer (or transit customer) prepends their own AS to
: their route announcements to you, do you ever strip off
: the excessive ASes? That is, do you always honor them
: in your announcements to your other customers (or peers)?
: I do understand that any operator has full control over
: deciding his own outbound policy, regardless of the
: AS path.
: I want to know what the industry practice is and whether
: I should stipulate in my next upstream agreement that
: they honor my prepends?
: Thanks.

Standard practice is to accept them, though you may need to tell the peer or upstream what regexps to allow if they filter by as-path as well as by prefix. (Always a good idea...)

My side question is - what shipping routers will let you rewrite AS-Paths by doing anything other than just prepending? Just wondering if any 7007-type horrors are lurking in the wings. I believe Criscos, Bays, and gated boxes can't do this (without BGP->IGP->BGP redistribution).

Avi
On Thu, Feb 18, 1999 at 08:53:09PM -0500, Avi Freedman wrote:
> Standard practice is to accept them, though you may need to tell the peer or upstream what regexps to allow if they filter by as-path as well as by prefix. (Always a good idea...)
Yes, whenever I've set up customer/peer BGP sessions, I've done it such that we only did prefix filtering, not any as-path filtering; this allows them to prepend as they wish, just not advert anything other than what we filtered them at.
> My side question is - what shipping routers will let you rewrite AS-Paths by doing anything other than just prepending? Just wondering if any 7007-type horrors are lurking in the wings. I believe Criscos, Bays, and gated boxes can't do this (without BGP->IGP->BGP redistribution).
I'm also interested. There have been vendor bugs that have tipped off 7007, etc., but I'm only really familiar with one vendor that (might) be able to do something like this.

I would suspect that anyone not honoring your as-path prepending would be doing as-path filtering.

- Jared

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++;     | http://puck.nether.net/~jared/ My statements are only mine.
> done it such that we only did prefix filtering, not any as-path filtering, this allows them to prepend as they wish, just not advert anything other than what we filtered them at.
FYI, this is dangerous. For example -

You have a customer A who has a customer B. B is multi-homed to A and 701. B's link to A goes down.

So, if A's network is broken, they will send you a given prefix with as-path ^701 B$ or ^1239 701 B$ or ..., depending on how B sees 701.

And you will transit it.

Shouldn't cause any major damage, but something to be aware of.
> - Jared
Avi
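The trade-off described in the messages above, as an added example that is not from any poster in the thread: a customer-session filter that checks only the prefix, next to one that also checks the AS path while still permitting prepends. The private-use ASNs 64500/64501 standing in for A and B, the documentation prefix, and all function names are assumptions; paths are written as received on the session with A, so A's own AS leads.

```python
import ipaddress
import re

# Constructed sample values (assumptions, not from the thread).
CUSTOMER_A, CUSTOMER_B = 64500, 64501          # A is our customer, B is A's customer
ALLOWED_PREFIXES = {ipaddress.ip_network("192.0.2.0/24")}  # B's prefix, registered via A

def as_path_regex(session_as, downstream_ases):
    """One or more copies of the session AS, then an optional run of a single
    downstream AS. Repeats are allowed, so prepending still passes."""
    head = f"{session_as}( {session_as})*"
    tails = "|".join(f"( {asn})+" for asn in downstream_ases)
    return re.compile(f"^{head}({tails})?$" if tails else f"^{head}$")

PATH_FILTER = as_path_regex(CUSTOMER_A, [CUSTOMER_B])

def accept(prefix, as_path, check_path):
    """Return True if the route passes the inbound filter on the session with A."""
    if ipaddress.ip_network(prefix) not in ALLOWED_PREFIXES:
        return False                            # prefix filter applies in both modes
    if check_path and not PATH_FILTER.match(as_path):
        return False                            # path holds an AS that is not A or B
    return True

# Constructed announcements as they would arrive from A.
ROUTES = [
    ("192.0.2.0/24", "64500 64501"),                    # normal
    ("192.0.2.0/24", "64500 64500 64500 64501 64501"),  # A and B both prepend
    ("192.0.2.0/24", "64500 701 64501"),                # B's link to A is down
    ("192.0.2.0/24", "64500 1239 701 64501"),           # same, one hop further
    ("198.51.100.0/24", "64500"),                       # prefix never registered
]

def compare(routes=ROUTES):
    """(prefix, path, accepted by prefix-only, accepted by prefix + as-path)."""
    return [(p, path, accept(p, path, False), accept(p, path, True))
            for p, path in routes]

if __name__ == "__main__":
    for prefix, path, prefix_only, with_path in compare():
        print(f"{prefix:18} {path:32} prefix-only={prefix_only!s:5} +as-path={with_path}")
```

The two rows where the filters disagree are the paths through 701: the prefix is on the list, so only the path check keeps them from being transited.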
On Thu, Feb 18, 1999 at 10:33:09PM -0500, Avi Freedman wrote:
> And you will transit it.
Yeah.
> Shouldn't cause any major damage, but something to be aware of.
True, at the time, anyone who wanted to give me free transit, I was willing to take it from.

- jared

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++;     | http://puck.nether.net/~jared/ My statements are only mine.
At 10:33 PM 2/18/99 -0500, Avi Freedman wrote:
> FYI, this is dangerous. For example -
>
> You have a customer A who has a customer B. B is multi-homed to A and 701. B's link to A goes down.
>
> So, if A's network is broken, they will send you a given prefix with as-path ^701 B$ or ^1239 701 B$ or ..., depending on how B sees 701.
>
> And you will transit it.
>
> Shouldn't cause any major damage, but something to be aware of.
I'm wondering why I shouldn't transit it? In fact, by prepending certain ASNs to each prefix, you can enforce selective route propagation through loop detection from networks two or more hops away. This is something which is very difficult to do otherwise without a *very* nice upstream. Of course, I would never recommend such practices. (It's not like I know anyone who has ever done anything even remotely like that..... ;)
> Avi
TTFN,
patrick

I Am Not An Isp
www.ianai.net
ISPF, The Forum for ISPs by ISPs, <http://www.ispf.com>
"Think of it as evolution in action." - Niven & Pournelle
participants (3)
- Avi Freedman
- I Am Not An Isp
- Jared Mauch