[163532] in North American Network Operators' Group
Re: Single AS multiple Diverse Providers
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Mon Jun 10 15:49:35 2013
From: Leo Bicknell <bicknell@ufp.org>
In-Reply-To: <2B2F57F4-9B55-4DB3-960E-21EAF96F3D0F@ianai.net>
Date: Mon, 10 Jun 2013 14:47:33 -0500
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 10, 2013, at 2:22 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
> Is it enough to keep the standard? Or should the standard have a specific carve out, e.g. for stub networks only, not allowing islands to provide transit. Just a straw man.
For the moment I'm not going to make a statement one way or another if this should be enshrined in an RFC or not...
I would like to be able to apply a route map to "allow as in" behavior:
ip prefix-list SPECIAL permit 192.168.0.0/24
!
route-map SAFETY permit 10
 match ip prefix-list SPECIAL
 set community no-export
!
router bgp XXX
 neighbor a.b.c.d allowas-in route-map SAFETY
This is a belt and suspenders approach; first you can limit this behavior to only the netblocks you use at other locations, and be extra safe by marking them no-export on the way in. Implementation should be easy, anything that would normally be rejected as an AS-Path loop gets fed into the route-map instead.
This would mitigate almost all of the bad effects I can think of that can happen when the network and/or its upstreams fail to properly apply filters and all of a sudden there are a lot more routes "looping" than should be, and no mechanism to stop them anymore! :)
-- 
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
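
The inbound behaviour the message above proposes, modelled in Python as an added example that is not part of the original post or any vendor's implementation: a route that fails the AS-path loop check is passed to the SAFETY policy instead of being dropped or accepted outright. The AS numbers, the sample updates and all function names are constructed for illustration.

```python
import ipaddress

NO_EXPORT = "no-export"   # well-known community: do not advertise to eBGP peers
LOCAL_AS = 64500          # constructed value (documentation ASN range)
# Models "ip prefix-list SPECIAL permit 192.168.0.0/24" (exact-length match)
SPECIAL = [ipaddress.ip_network("192.168.0.0/24")]

def safety_route_map(prefix):
    """Models route-map SAFETY: permit prefixes in SPECIAL and set no-export.
    Returns the resulting community set, or None for the implicit deny."""
    if ipaddress.ip_network(prefix) in SPECIAL:
        return {NO_EXPORT}   # 'set community' without 'additive' replaces
    return None

def process_inbound(prefix, as_path, communities=()):
    """Return (accepted, communities) for one route received from the neighbor."""
    if LOCAL_AS not in as_path:
        return True, set(communities)      # no loop: ordinary processing
    # Our own AS is in the path. Instead of an unconditional drop (or an
    # unconditional accept), the looped route is fed to the route-map.
    tagged = safety_route_map(prefix)
    return (tagged is not None), (tagged or set())

def exportable_to_ebgp(communities):
    """Second safeguard: no-export routes are never re-advertised to eBGP peers."""
    return NO_EXPORT not in communities

# Constructed sample updates: (prefix, AS path as received)
UPDATES = [
    ("192.168.0.0/24", [64496, 64500]),   # our other site, via the upstream
    ("203.0.113.0/24", [64496, 64500]),   # looped but not ours to accept
    ("192.168.0.0/25", [64496, 64500]),   # more-specific, fails exact match
    ("198.51.100.0/24", [64496, 64499]),  # ordinary route, no loop
]

if __name__ == "__main__":
    for prefix, path in UPDATES:
        ok, comms = process_inbound(prefix, path)
        print(prefix, path, "accept" if ok else "reject", sorted(comms),
              "export" if ok and exportable_to_ebgp(comms) else "no-export/none")
```

Only the first sample route is accepted through the loop exception, and it carries no-export, so an island site holding it cannot leak it onward as transit.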