[169333] in North American Network Operators' Group
Re: question about AS relationship
daemon@ATHENA.MIT.EDU (Song Li)
Fri Feb 21 01:57:46 2014
Date: Fri, 21 Feb 2014 14:57:07 +0800
From: Song Li <refresh.lsong@gmail.com>
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <CAL9jLaY9Yk+dhfSdyQ-oZOTxAfXxB8brYz2-XjRnBinaGrVYqw@mail.gmail.com>
Cc: nanog list <nanog@nanog.org>
Reply-To: refresh.lsong@gmail.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
+----------+ +---------+
| provider1| |provider2|
+----------+ +---------+
^ ^
| |
| |
+--------+ ++-------++ +----------+
|peer AS2+-----+ AS 1 +----+peer AS3 |
+--------+ +---------+ +----------+
^ ^
| |
+------------+ +-------------+
|customer AS4| |customer AS5 |
+------------+ +-------------+
um....
sorry, my question is:
the AS relationship between AS1 and AS2/3 is peer, and AS1 cannot
announce routes from AS3 to provider1 by rule. But if AS1 do it, and the
realtionship between AS1 and AS3 is invisible to provider1, how can
provider1 detect this route leak without knowing the privacy?
In other words, could the business relationship between AS1 and AS3 be
known to provider1/2?
Thanks.
Sky li
>
> perhaps you should draw a little ascii art, I think you're asking:
>
> DS1 - customer - you - isp
>
> "can DS1's relationship to 'customer' be secret"
>
> no. well, not if they want:
> 1) to use a public ASN
> 2) use ip space which isn't part of 'customer' aggregate
> 3) want to be reachable on the internet
>
> It's safe to say that your goal as an ISP and a customer of an ISP, should be:
> "Make sure that all of my routes and the routes of my customers and
> their customers, that I'm expected to provide transit for, are in my
> ISP's filters."
>
> -chris
> (and as someelse pointed out: "If they use BGP and expect global
> reachabilty... then the information isn't private anyway.")
>
>> --
>> Sky Li
>>
>>
>>> On Thursday, February 20, 2014 08:09:35 PM Christopher
>>> Morrow wrote:
>>>
>>>>
>>>> so, yes. pleass tell your upstream your customers so
>>>> proper filtering can be automated and implemented.
>>>>
>>>> don't turn up bgp customers without filtering, that kills
>>>> kittens.
>>>
>>> For all the leaking I've seen in the last four weeks
>>> (including a well-known operator that was involved in the
>>> Youtube/Pakistan saga + other well-known global operators
>>> that could be classified as "a reasonably large tier"),
>>> we're still a long way away ensuring all customer prefixes
>>> are filtered correctly at the inter-domain peering edge. A
>>> loooooooong way away...
>>>
>>> Mark.
>>
>>
>>
