[155900] in North American Network Operators' Group


RE: Level 3 BGP Advertisements

daemon@ATHENA.MIT.EDU (Harry Hoffman)
Wed Aug 29 20:35:11 2012

In-Reply-To: <A5FACB06A6163C4790FAE19E1C9314D7013A4D4EE32C@MAILSRV.granbury.k12.tx.us>
From: Harry Hoffman <hhoffman@ip-solutions.net>
Date: Wed, 29 Aug 2012 20:06:37 -0400
To: "STARNES, CURTIS" <Curtis.Starnes@granburyisd.org>,William Herrin
 <bill@herrin.us>,"nick@flhsi.com" <nick@flhsi.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

This is what happens when old network folk don't learn about new conventions or new network / security folk read old books.
And it happens a lot!
Although not as common as blanket blocking of ICMP.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

"STARNES, CURTIS" <Curtis.Starnes@granburyisd.org> wrote:

Sorry for the top post...

Not necessarily a Level 3 problem, but:

We are announcing our /19 network as one block via BGP through AT&T, not broken up into smaller announcements.
Earlier in the year I started receiving complaints that some of our client systems were having problems connecting to different web sites.
After much troubleshooting I noticed that in every instance the xlate in our Cisco ASA for the client's IP last octet was either a 0 or 255.
Since I am announcing our network as a /19, the subnet mask is 255.255.224.0, that would make our network address x.x.192.0 and the broadcast x.x.223.255.
So somewhere the /24 boundary addresses were being dropped.

Just curious if anyone else has seen this before.
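A worked check of the point in the post above, added here as an editor's example and not code from anyone in the thread: it uses Python's ipaddress module on a constructed RFC 1918 /19 (10.0.192.0/19, standing in for the poster's x.x.192.0/19) to show that a /19 reserves only its first and last address, and that a filter dropping every address whose last octet is 0 or 255 (classful /24 thinking) discards 62 ordinary host addresses inside that block.

```python
import ipaddress

# Constructed stand-in for the /19 in the post (x.x.192.0/19); RFC 1918
# space chosen so the example runs offline and refers to nothing real.
EXAMPLE_PREFIX = "10.0.192.0/19"


def describe(prefix):
    """Network address, netmask and broadcast of an announced prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "prefixlen": net.prefixlen,
    }


def is_real_boundary(addr, prefix):
    """True only for the two addresses the prefix actually reserves:
    its network address and its broadcast address."""
    addr = ipaddress.ip_address(str(addr))
    net = ipaddress.ip_network(prefix, strict=False)
    return addr in (net.network_address, net.broadcast_address)


def last_octet_is_0_or_255(addr):
    """The classful heuristic: treat any address ending in .0 or .255 as a
    boundary address. Only correct when every network really is a /24."""
    return (int(ipaddress.ip_address(str(addr))) & 0xFF) in (0, 255)


def wrongly_dropped(prefix):
    """Host addresses inside prefix that the classful heuristic rejects
    even though they are not the prefix's real network or broadcast."""
    net = ipaddress.ip_network(prefix, strict=False)
    return [
        str(a)
        for a in net  # iterates every address, boundaries included
        if last_octet_is_0_or_255(a) and not is_real_boundary(a, str(net))
    ]


if __name__ == "__main__":
    print(describe(EXAMPLE_PREFIX))
    lost = wrongly_dropped(EXAMPLE_PREFIX)
    print(f"{len(lost)} valid host addresses dropped, e.g. {lost[:4]}")
```

For the /19 the netmask comes out as 255.255.224.0 with 10.0.192.0 and 10.0.223.255 as the only reserved addresses; the other 62 addresses ending in .0 or .255 (10.0.192.255, 10.0.193.0, ... 10.0.223.0) are legitimate hosts, which is exactly the traffic the poster saw being dropped. The same functions work for any prefix length, so the check can be pointed at whatever block a site announces.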

-----Original Message-----
From: William Herrin [mailto:bill@herrin.us]
Sent: Wednesday, August 29, 2012 3:36 PM
To: nick@flhsi.com
Cc: nanog@nanog.org
Subject: Re: Level 3 BGP Advertisements

On Wed, Aug 29, 2012 at 3:28 PM, Nick Olsen <nick@flhsi.com> wrote:
> In practice, We've always advertised our space all the way down to
> /24's but also the aggregate block (the /20 or the /21). Just so there
> was still reachability to our network in the event that someone made
> the foolish mistake of filtering let's say prefixes smaller /23...
>
> Anyways, I've always thought that was standard practice.

That's very poor practice. Each announcement costs *other people* the better part of $10k per year. Be polite with other people's money. If the /24 shares the exact same routing policy as the covering route, announce only the covering route.

For all the good it'll do you, you can break it out to /24's when and if someone mis-announces one of your address blocks. Competing announcements of the /24 still won't leave you with correct connectivity. If anything, putting the /24 announcement in ahead of time will delay your detection of the problem by causing a partial failure instead of a total one.


> I noticed that while the /24's made it out to the world. The larger
> counterparts (2 /21's and a /20) did not. So, I start sniffing around.
> Find that I do indeed see the prefixes in Level 3's looking glass but
> they aren't handing it off to peers. So, naturally, I land on this
> being some kind of prefix filtering issue and open a ticket with Level
> 3. They tell me this is standard practice. And if I want to see the
> /20 or /21's make it out to the rest of the world, I need to stop sending the /24's.
>
> Does this sound normal?

That's insane. Assuming you're authorized to announce that address space, Level 3 should be propagating your announcements exactly as you make them. As only one of your peers, they're in no position to understand the traffic engineering behind your announcement choices.
If they are acting as you say, they are dead wrong to do so.

Regards,
Bill Herrin



--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
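The rule Bill states above ("if the /24 shares the exact same routing policy as the covering route, announce only the covering route") can be applied mechanically to an announcement list before it goes into a router. The following is an added editor's example, not code from anyone in the thread: it takes a constructed set of (prefix, policy tag) pairs in RFC 1918 space, finds each prefix's most specific covering route with Python's ipaddress module, and flags the more-specifics whose cover carries the same policy tag as redundant. The policy tags are hypothetical labels for whatever a site uses to distinguish routing policy (communities, prepends, export targets).

```python
import ipaddress

# Constructed announcement set (RFC 1918 space, hypothetical policy tags);
# not anything either poster actually announced.
ANNOUNCEMENTS = [
    ("10.20.0.0/20", "default"),     # covering aggregate
    ("10.20.0.0/24", "default"),     # same policy as the aggregate
    ("10.20.1.0/24", "default"),     # same policy as the aggregate
    ("10.20.5.0/24", "prepend-x2"),  # genuinely different policy
]


def covering_route(prefix, announcements):
    """The most specific announced prefix that strictly contains prefix,
    or None if nothing in the set covers it."""
    net = ipaddress.ip_network(prefix)
    covers = []
    for other, _ in announcements:
        cand = ipaddress.ip_network(other)
        if cand != net and net.subnet_of(cand):
            covers.append(cand)
    if not covers:
        return None
    # Longest prefix length = most specific cover; that is the route whose
    # policy the more-specific must be compared against.
    return str(max(covers, key=lambda n: n.prefixlen))


def redundant_more_specifics(announcements):
    """Prefixes whose covering route carries the same policy tag. Per the
    argument above these cost every other operator table space without
    changing where traffic goes."""
    policy = dict(announcements)
    out = []
    for prefix, tag in announcements:
        cover = covering_route(prefix, announcements)
        if cover is not None and policy[cover] == tag:
            out.append(prefix)
    return out


def minimal_announcement_set(announcements):
    """The announcement list with redundant more-specifics removed."""
    drop = set(redundant_more_specifics(announcements))
    return [(p, tag) for p, tag in announcements if p not in drop]


if __name__ == "__main__":
    print("redundant:", redundant_more_specifics(ANNOUNCEMENTS))
    print("announce :", minimal_announcement_set(ANNOUNCEMENTS))
```

On the constructed input the two /24s under the /20 with the "default" tag are flagged and dropped, while 10.20.5.0/24 survives because its policy differs from its cover. Comparing against the most specific cover matters when aggregates nest (a /24 under a /23 under a /20): the /24 is only redundant relative to the route that would actually carry its traffic once it is withdrawn.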



