[132807] in North American Network Operators' Group
Re: regional ASN's
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Wed Dec 1 17:48:13 2010
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <4CF6C6C6.7090601@brightok.net>
Date: Wed, 1 Dec 2010 17:47:54 -0500
To: NANOG list <nanog@nanog.org>
On Dec 1, 2010, at 5:05 PM, Jack Bates wrote:
> On 12/1/2010 3:56 PM, Patrick W. Gilmore wrote:
>> Having islands which point default is not ugly. They are probably pointing default anyway.
>
> If all sites strictly do default, fine. However, one could say static routing would work fine there too; and then you don't need an ASN. If each site is multihomed (the usual reason to run BGP), you might want to see the routes to apply appropriate traffic policies to them.

Just because you have one transit doesn't mean you shouldn't do BGP. Consider the router at an exchange point with 100+ peers and one transit, for instance.

>> If not, typing "nei $FOO allowas-in" is also not ugly, IMHO.
>
> Works, but you usually need to be careful when utilizing that method to prevent loops.

There is always a "you usually need to be careful" with any implementation, including a network without islands.

If this is, for instance, a bunch of remote offices with a single router & two upstreams each, there is zero risk of routing loops. Otherwise, there are always considerations, whatever your topology choice.

>> But your network, your decision. Mine runs fine like that.
>
> I'm surprised that you left out the obvious workaround and depending on the traffic, the most appropriate model (leaving workaround status), create an encrypted channel between the networks and run iBGP over it.

If you think you need to be careful with allowas-in, you need to be an order of magnitude more careful with tunnels.

Plus I don't like GRE. :)

--
TTFN,
patrick
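
The trade-off discussed in this thread, as an added example that is not part of the original messages: a Python model of the receive-side AS_PATH check, showing why islands sharing one ASN drop each other's routes by default and how an allowas-in occurrence limit changes that. The ASNs, the function names and the re-export scenario are constructed assumptions.

```python
# Added illustration: receive-side AS_PATH loop check with an allowas-in limit.
# ASNs come from the private/documentation ranges and are constructed values.
LOCAL_AS = 64512                      # the one ASN shared by every island (assumed)
TRANSIT_A, TRANSIT_B = 64496, 64497   # two upstream providers (assumed)


def accept(as_path, local_as=LOCAL_AS, allowas_in=0):
    """Return True if an eBGP update with this AS_PATH is accepted.

    With allowas_in=0 (standard loop prevention) any path containing the
    local AS is dropped. allowas-in N tolerates up to N occurrences of it.
    """
    return as_path.count(local_as) <= allowas_in


def advertise(as_path, sender_as):
    """eBGP export: the sender prepends its own AS to the path."""
    return [sender_as] + as_path


def island_to_island(allowas_in):
    """Island 1 originates a prefix; island 2 hears it via transit A."""
    path = advertise([], LOCAL_AS)       # island 1 -> transit A
    path = advertise(path, TRANSIT_A)    # transit A -> island 2
    return path, accept(path, allowas_in=allowas_in)


def re_export_bounded(allowas_in, hops=4):
    """Bounce island 1's route between islands through alternating transits
    (a leak an export filter should stop) and count how many islands accept
    it before the occurrence limit rejects the path."""
    path, accepted = advertise([], LOCAL_AS), 0
    for i in range(hops):
        path = advertise(path, (TRANSIT_A, TRANSIT_B)[i % 2])
        if not accept(path, allowas_in=allowas_in):
            break
        accepted += 1
        path = advertise(path, LOCAL_AS)  # this island re-exports upstream
    return accepted


if __name__ == "__main__":
    print(island_to_island(0))   # islands cannot see each other's routes
    print(island_to_island(1))   # accepted once one occurrence is tolerated
    print(re_export_bounded(1), re_export_bounded(3))
```

The second function shows the part that needs care: the occurrence limit only bounds how far a re-exported route can travel, so islands that should not carry each other's routes still need export filtering toward their upstreams.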