[155891] in North American Network Operators' Group


RE: Level 3 BGP Advertisements

daemon@ATHENA.MIT.EDU (STARNES, CURTIS)
Wed Aug 29 16:56:26 2012

From: "STARNES, CURTIS" <Curtis.Starnes@granburyisd.org>
To: William Herrin <bill@herrin.us>, "nick@flhsi.com" <nick@flhsi.com>
Date: Wed, 29 Aug 2012 15:55:51 -0500
In-Reply-To: <CAP-guGV-md7VBfknok2LwNr4wqSgy-8FmxhSBHFXKah-4iD=sg@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Sorry for the top post...

Not necessarily a Level 3 problem, but:

We are announcing our /19 network as one block via BGP through AT&T, not broken up into smaller announcements.
Earlier in the year I started receiving complaints that some of our client systems were having problems connecting to different web sites.
After much troubleshooting I noticed that in every instance the xlate in our Cisco ASA for the client's IP last octet was either a 0 or 255.
Since I am announcing our network as a /19, the subnet mask is 255.255.224.0; that would make our network address x.x.192.0 and the broadcast x.x.223.255.
So somewhere the /24 boundary addresses were being dropped.

Just curious if anyone else has seen this before.

-----Original Message-----
From: William Herrin [mailto:bill@herrin.us]
Sent: Wednesday, August 29, 2012 3:36 PM
To: nick@flhsi.com
Cc: nanog@nanog.org
Subject: Re: Level 3 BGP Advertisements

On Wed, Aug 29, 2012 at 3:28 PM, Nick Olsen <nick@flhsi.com> wrote:
> In practice, We've always advertised our space all the way down to
> /24's but also the aggregate block (the /20 or the /21). Just so there
> was still reachability to our network in the event that someone made
> the foolish mistake of filtering let's say prefixes smaller /23...
>
> Anyways, I've always thought that was standard practice.

That's very poor practice. Each announcement costs *other people* the better part of $10k per year. Be polite with other people's money. If the /24 shares the exact same routing policy as the covering route, announce only the covering route.

For all the good it'll do you, you can break it out to /24's when and if someone mis-announces one of your address blocks. Competing announcements of the /24 still won't leave you with correct connectivity. If anything, putting the /24 announcement in ahead of time will delay your detection of the problem by causing a partial failure instead of a total one.


> I noticed that while the /24's made it out to the world. The larger
> counterparts (2 /21's and a /20) did not. So, I start sniffing around.
> Find that I do indeed see the prefixes in Level 3's looking glass but
> they aren't handing it off to peers. So, naturally, I land on this
> being some kind of prefix filtering issue and open a ticket with Level
> 3. They tell me this is standard practice. And if I want to see the
> /20 or /21's make it out to the rest of the world, I need to stop sending the /24's.
>
> Does this sound normal?

That's insane. Assuming you're authorized to announce that address space, Level 3 should be propagating your announcements exactly as you make them. As only one of your peers, they're in no position to understand the traffic engineering behind your announcement choices.
If they are acting as you say, they are dead wrong to do so.

Regards,
Bill Herrin



--
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
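Curtis's observation at the top of this message is that, inside a /19 announced as one block, translated client addresses ending in .0 or .255 failed to reach some remote sites, even though only the first and last address of the /19 are the block's own network and broadcast. The helper below, an added example that is not from either poster, enumerates exactly those addresses for a given aggregate and classifies an individual address against it, so an operator can test the boundary hosts deliberately rather than waiting for complaints. The prefix 10.20.192.0/19 used in the examples is a constructed placeholder, not the poster's network.

```python
"""
Which host addresses inside an aggregate prefix end in .0 or .255?

Only the aggregate's first and last addresses are its network and broadcast
addresses; every other .0 / .255 address inside it is an ordinary host
address that a classful-minded filter may nevertheless drop.  This is an
added example; the prefix values used below are constructed placeholders.
"""
import ipaddress


def aggregate_bounds(prefix: str):
    """Return (netmask, network address, broadcast address) of the aggregate.

    For a /19 the mask is 255.255.224.0, so x.x.192.0/19 spans
    x.x.192.0 .. x.x.223.255, as described in the message above.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    return str(net.netmask), str(net.network_address), str(net.broadcast_address)


def boundary_hosts(prefix: str):
    """Valid host addresses in `prefix` whose last octet is 0 or 255.

    The aggregate's own network and broadcast addresses are excluded, since
    those genuinely are unusable as hosts.  Everything returned is a
    legitimate host address that happens to sit on a /24 boundary.
    Prefixes longer than /24 contain no such address, so they yield [].
    """
    net = ipaddress.ip_network(prefix, strict=True)
    if net.prefixlen > 24:
        return []
    first, last = net.network_address, net.broadcast_address
    result = []
    for sub in net.subnets(new_prefix=24):
        for addr in (sub.network_address, sub.broadcast_address):
            if addr != first and addr != last:
                result.append(str(addr))
    return result


def classify(addr: str, prefix: str) -> str:
    """Classify `addr` relative to the aggregate `prefix`.

    Returns one of:
      "outside"        - not inside the aggregate at all
      "network"        - the aggregate's own network address
      "broadcast"      - the aggregate's own broadcast address
      "boundary-host"  - a valid host whose last octet is 0 or 255
      "host"           - any other valid host address
    """
    net = ipaddress.ip_network(prefix, strict=True)
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        return "outside"
    if ip == net.network_address:
        return "network"
    if ip == net.broadcast_address:
        return "broadcast"
    if int(ip) & 0xFF in (0, 255):
        return "boundary-host"
    return "host"


if __name__ == "__main__":
    # Constructed placeholder aggregate, not the poster's real block.
    agg = "10.20.192.0/19"
    print("mask/network/broadcast:", aggregate_bounds(agg))
    hosts = boundary_hosts(agg)
    print(len(hosts), "boundary host addresses, e.g.", hosts[:3], "...", hosts[-2:])
    for a in ("10.20.192.0", "10.20.200.255", "10.20.200.7", "10.20.223.255"):
        print(a, "->", classify(a, agg))
```

A /19 contains 32 /24 blocks, so it has 64 addresses ending in .0 or .255; all but the aggregate's own network and broadcast (62 of them) are hosts that should be reachable. Translating a test client to a few of those addresses and checking reachability is a quicker way to confirm the symptom than waiting for it to show up in the xlate table.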


