[168200] in North American Network Operators' Group
Re: best practice for advertising peering fabric routes
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Wed Jan 15 10:57:35 2014
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <CAP-guGVx6oB3AQt+Ykz0hSB+=YFZDyxTQT-R8uQdDZmQ4=dTJQ@mail.gmail.com>
Date: Wed, 15 Jan 2014 10:57:02 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 15, 2014, at 10:44 , William Herrin <bill@herrin.us> wrote:
> On Tue, Jan 14, 2014 at 10:11 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
>> NEVER EVER EVER put an IX prefix into BGP, IGP, or even
>> static route. An IXP LAN should not be reachable from any
>> device not directly attached to that LAN. Period.
>>
>> Doing so endangers your peers & the IX itself. It is on the order
>> of not implementing BCP38, except no one has the (lame,
>> ridiculous, idiotic, and pure cost-shifting BS) excuse that they
>> "can't" do this.
>
> Hi Patrick,
>
> I have to disagree with you. If it appears in a traceroute to
> somewhere else, I'd like to be able to ping and traceroute directly to
> it. When I can't, that impairs my ability to troubleshoot the all too
> common can't-get-there-from-here problems. The more you hide the
> infrastructure, the more intractable problems become for your
> customers.
>
> The IXP LAN should be reachable from every device on the ASes which
> connect to it, not just the immediate router.

We disagree.

Plus, you really can't type "ping" on the router connected to the IXP?

_If_ you can guarantee your network has zero bots, abusable
[DNS|NTP|etc.] servers, all your downstreams are perfectly clean, etc.,
etc., then maybe I could see you carrying it in your IGP.

As I know 100% of ISPs (to at least one decimal place) cannot make such
a guarantee, then doing so puts the IXP and all other members - whether
peers of yours or not - at risk. Putting others at risk because you are
lazy or because it makes your life easier is .. I believe I called it
bad manners before.

But let's take the philosophical out of this. The prefix in question is
owned by the IXP. I said in an earlier post that if you carry a prefix I
own, did not announce to you, and make it very clear I specifically do
not want you to carry, I will ask you to stop or face possible
disconnection. You may claim convergence (a bit of BS), troubleshooting
(non-issue, IMO), or even "but I waaaaaaaaaaaant to!!1!1!" (whatever).
Doesn't matter. That's not your prefix, you were not given it and told
not to carry it, so Do Not Carry It.

Ask your IXP if they mind whether you carry the prefix. See what they
say.

--
TTFN,
patrick
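
The following is an added example, not part of the original message: one way to audit exported routing tables for the condition argued against above, an IXP LAN prefix (or a more-specific of it) carried by anything other than a directly connected interface. The router names, protocol labels, row format and prefixes are assumptions; the prefixes are documentation ranges standing in for a real peering LAN.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for real IXP LANs.
IXP_LANS = ["192.0.2.0/24", "2001:db8:1::/64"]

# Constructed (router, prefix, protocol) rows, in the shape a RIB export
# from each router might be normalised to. The format is an assumption.
ROUTES = [
    ("edge1", "192.0.2.0/24", "connected"),   # attached to the IXP: fine
    ("edge1", "192.0.2.7/32", "local"),       # router's own IXP address: fine
    ("core1", "192.0.2.0/24", "ospf"),        # IXP LAN leaked into the IGP
    ("core1", "198.51.100.0/24", "bgp"),      # unrelated prefix
    ("core2", "192.0.2.128/25", "static"),    # more-specific static route
    ("edge2", "2001:db8:1::/64", "bgp"),      # IXP LAN carried in BGP
    ("core2", "2001:db8:2::/48", "isis"),     # unrelated prefix
]

# Only directly attached sources may hold the IXP LAN.
ALLOWED_PROTOCOLS = {"connected", "local"}


def find_ixp_leaks(routes, ixp_lans):
    """Return (router, prefix, protocol, ixp_lan) for every route that is
    equal to or more specific than an IXP LAN and was not learned from a
    directly connected interface."""
    lans = [ipaddress.ip_network(p) for p in ixp_lans]
    leaks = []
    for router, prefix, proto in routes:
        net = ipaddress.ip_network(prefix)
        for lan in lans:
            if net.version != lan.version:
                continue  # subnet_of() raises TypeError across IP versions
            if net.subnet_of(lan) and proto.lower() not in ALLOWED_PROTOCOLS:
                leaks.append((router, str(net), proto, str(lan)))
    return leaks


if __name__ == "__main__":
    for router, prefix, proto, lan in find_ixp_leaks(ROUTES, IXP_LANS):
        print(f"{router}: {prefix} via {proto} overlaps IXP LAN {lan}")
```
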