ISPs who de-aggregate intentionally?
As part of the process of making the latest BGP draft an IETF standard, the IDR working group is in the process of reviewing how the current draft reflects deployed code. As part of this effort, if anyone is aware of ISPs who intentionally de-aggregate routes and could contact me to share some of the reasoning and their methodologies behind this, I would greatly appreciate it. Please note - no names will be named, unless you want to be. A summary of the results will be posted back to this list. -- Jeff Haas NextHop Technologies
As a quick followup to my request: On Tue, Sep 10, 2002 at 05:06:51PM -0400, Jeffrey Haas wrote:
As part of this effort, if anyone is aware of ISPs who intentionally de-aggregate routes and could contact me to share some of the reasoning and their methodologies behind this, I would greatly appreciate it.
Explicit de-aggregation, in this case, is taking an existing announcement and creating more specific announcements from it. For example, taking 10/8 and creating (where it didn't exist before) 10/9 and 10.128/9. The leaking of more specific routes that actually exist in your network is more a case of failing to aggregate, even if the assiged internal networks are a result of taking your assigned block and breaking it into several subnets. Thanks for all the responses thus far. -- Jeff Haas NextHop Technologies
Apologies in advance for the overly-detailed nature of this post. I'd like to thank the individuals who responded to me regarding de-aggregation in BGP. Overall, I had about 40 responses. In general, the responses were encouraging. Largely this was because most of the people who responded didn't know what kind of de-aggregation I was talking about. If you will indulge me a minute: ISPs are typically assigned some netblock to make their internal allocations from. This netblock is divided into subnets which are internally used at various POPs, etc. But overall, unless some portions of this block are re-allocated to customers outside a given AS, a given netblock can be thought to belong to an AS. Best Current Practice is to advertise this netblock, or at least some portion of it and *not* to advertise the individual subnets. In general, aggregation is your friend and will make the Net a happy place. But as we all know, providers will often advertise their internal more- specific routes for a variety of purposes. The biggest one is for traffic engineering purposes. The majority of the respondents noted that when they do this form of "de-aggregation" (or what I prefer to just call "leaking more-specifics"), they will usually mark them with the NO_EXPORT community and typically only advertise them to peers and their direct upstreams. In other cases, the NO_EXPORT community isn't added with the explicit purpose of engineering incoming traffic. While advertising your more specific routes is a degenerate form of de-aggregation, the form I was looking for was explicit de-aggregation of routes where the more specific did not previously exist. This could, at its worst, be a form of proxy de-aggregation by a second party. Of the respondents, only three cases ever showed up for this: 1. The ones who remember the bad-old days of BGP3 and classful networks where it was necessary to do this at your BGP4->3 borders. 2. Where routes were de-aggregated internally to better shape traffic flows, typically setting NO_ADVERTISE so as to not accidentally alter the intended announcements of the ISP. Note that this was the subject of a NANOG presentation: http://www.nanog.org/mtg-0206/ppt/abley/ 3. Doing this form of de-aggregation intentionally at your border and advertising the more specifics in order to mitigate a routing DoS due to someone claiming your address space. ---- What brought about this question? The BGP-4 specification (draft-ietf-idr-bgp4-17, rfc1771, rfc1654) was largely crafted to add support for CIDR to Internet routing. Aggregation was a relatively new thing. As part of the transition, it was necessary for networks who aggregated to be able to de-aggregate their networks into classful networks. In any case where de-aggregation happens, there is the possibility that either one of the generated more specifics will make it back to the networks that have previously announced the component networks. This can cause forwarding loops. So long as those AS's are reflected in the AS_PATH, its a non-issue since their routers will drop the announcements. The BGP-4 specification, knowing this was an issue, provided two mechanisms to prevent this from being an issue. The first is that when an aggregate is synthesized (explicit aggregation, say via an "aggregate" statement in your router), the AS_PATH attribute would also be aggregated. The second case deals with implicit aggregation. If you have a less specific and a more specific route, and choose to announce only the less specific route, you have implicitly aggregated it. For example: R1: 10/8 AS_PATH 1 2 3 4 5 R2: 10/24 AS_PATH 6 7 If you announce only R1 or even only install R1 in your routing table, you have an imiplicit aggregation scenario. In the above example, if you only announce R1, you have a component that will follow a different path. In these cases, the BGP Path Attribute ATOMIC_AGGREGATE was intended to be added to signal that you should not de-aggregate this route since path information has been lost that could lead to forwarding loops. The base BGP-4 specification (rfc 1771) provided adding ATOMIC_AGGREGATE only in the case where you had a more and a less specific route from a given peer. The current draft-ietf-idr-bgp4-17 covers the case seen commonly today where a truncated AS_PATH due to creating an explicit aggregate (default Cisco behavior without the as-set option, the default "full" behavior in Juniper and the "brief" behavior from GateD) will add ATOMIC_AGGREGATE as well. The first case in the above paragraph is not implemented by any of the above implementations. The second case is implemented by all of them. The missing third case (from the specification) where the implicit aggregation is done on export isn't covered in the spec and thus wouldn't be implemented. There is a strong argument against actually implementing ATOMIC_AGGREGATE as defined in the spec, and especially so if you add in the missing case from the specification. This argument mainly comes down to the fact that a lot of additional memory would be wasted for almost no benefit. Implications: The BGP specification should be revised to reflect reality: No one fully implements ATOMIC_AGGREGATE. The existing case where AS_PATHs are truncated should be left in the specification and the implicit aggregation cases should be removed. The specification should be revised to note the situation ATOMIC_AGGREGATE was intended to deal with but recommend due to lack of implementation that operators be strongly discouraged from explicitly de-aggregating due to the dangers of forwarding loops. Thanks for your input and your patience. Any feedback on this analysis would be appreciated. (And this all started as an attempt to properly document ATOMIC_AGGREGATE in the BGP MIB. :-) -- Jeff Haas NextHop Technologies
AS21790 does this, and I don't know why. Plenty of /24's next to each other that could easily be /23. --Phil -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Jeffrey Haas Sent: Tuesday, September 10, 2002 5:07 PM To: nanog@merit.edu Subject: ISPs who de-aggregate intentionally? As part of the process of making the latest BGP draft an IETF standard, the IDR working group is in the process of reviewing how the current draft reflects deployed code. As part of this effort, if anyone is aware of ISPs who intentionally de-aggregate routes and could contact me to share some of the reasoning and their methodologies behind this, I would greatly appreciate it. Please note - no names will be named, unless you want to be. A summary of the results will be posted back to this list. -- Jeff Haas NextHop Technologies
participants (2)
-
Jeffrey Haas -
Phil Rosenthal