[151007] in North American Network Operators' Group
Re: filtering /48 is going to be necessary
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Mar 9 18:07:58 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <4F5A6D25.6070907@birkenwald.de>
Date: Fri, 9 Mar 2012 15:02:13 -0800
To: Bernhard Schmidt <berni@birkenwald.de>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 9, 2012, at 12:50 PM, Bernhard Schmidt wrote:
> On 09.03.2012 20:31, Owen DeLong wrote:
>=20
> Hi,
>=20
>> Let us not forget that there is also the issue of PA /48s being
>> advertised (quasi-legitimately) for some end-user organizations that
>> are multi-homed but choose not to get PI space. It is not uncommon to
>> obtain a PA /48 from provider A and also advertise it from Provider
>> B.
>=20
> While I agree it's not uncommon, I'm not a big fan of this setup. =
Also, provider A should still have his aggregate announced, which would =
allow strictly filtering ISPs to reach the destination anyway.
>=20
I'm not a big fan, either, but, I think that the concept of "be =
conservative in what you announce and liberal in what you accept" has to =
apply in this case. Since it is a common (quasi-)legitimate practice, =
arbitrarily filtering it is ill-advised IMHO.
The statement about the covering aggregate assumes that there are no =
failures in the union of {site, loop, provider A}.
In the event that there is such a failure, the aggregate may not help =
and may even be harmful.
Since one of the key purposes of this kind of multihoming is to provide =
coverage in the event of such a failure, filtration of the more-specific =
seems to defeat the purpose.
> Announcing /48s from a PA block without the covering aggregate calls =
for trouble.
No question. However, the covering aggregate alone is also insufficient.
Owen
