[23596] in North American Network Operators' Group


Re: BGP advertisements of peering points

daemon@ATHENA.MIT.EDU (Alex Bligh)
Tue Mar 30 16:49:59 1999

From: Alex Bligh <amb@gxn.net>
To: Andy McConnell <andym@ntt.net>
Cc: nanog@merit.edu
In-reply-to: Your message of "Tue, 30 Mar 1999 09:39:27 -0800."
             <Pine.BSF.3.95LJ1.1b3.990330093555.76080G-100000@dukat.noc.cup.ndp.net> 
Date: Tue, 30 Mar 1999 22:49:43 +0200
Errors-To: owner-nanog-outgoing@merit.edu


Andy,

andym@ntt.net said:
> I've noticed some ISPs (BBN (*ahem* GTE), UUNET and Verio
> specifically) are advertising the PAIX peering network (198.32.176.0)
> as originating from their AS. 
>
> Is this a common practice for all ISPs, or just enough to make the IX 
> reachable

Normally this is up to the exchange point. Several, like LINX in the
UK, have their own AS to correctly originate this. Announcing the
DMZ unilaterally is not good practice. This often causes problems
for some people with "unprotected" networks who carry around the
next hop of routes external to their AS as the address on the DMZ
and expect the DMZ route to be carried in their IGP, as if they
accept a BGP route for the DMZ it will often have a better administrative
weight and they will send traffic to the advertiser/leaker. Sane
people protect their networks with inbound BGP filters. Many sane
people also carry around loopback addresses only internally rather
than DMZ's over whose announcement they have little control (on
Cisco's set next-hop-self on iBGP peerings - there is little reason
not to).

IMHO the exchange point originating the DMZ in their own AS with defined
transit arrangements for this AS *is* good practice. Others' religions
may vary.

-- 
Alex Bligh
GX Networks (formerly Xara Networks)
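
The failure mode and the two protections discussed in this message, modelled as an added example that is not part of the original post: a border router's route selection by administrative distance, with recursive next-hop resolution. The /24 mask, every address other than 198.32.176.0, and the interface names are constructed assumptions; the distances are Cisco defaults.

```python
import ipaddress

net = ipaddress.ip_network
# Constructed values: the /24 mask, all addresses other than 198.32.176.0 and
# the interface names are assumptions. Distances are Cisco defaults.
DMZ = net("198.32.176.0/24")
OSPF, EBGP, IBGP = 110, 20, 200

IGP = [(DMZ, OSPF, "if:ix-border"),                  # DMZ carried in the IGP
       (net("10.0.0.1/32"), OSPF, "if:ix-border"),   # IX border router loopback
       (net("192.0.2.0/30"), OSPF, "if:transit")]    # link to the advertising AS
LEAK = (DMZ, EBGP, "192.0.2.1")                      # DMZ originated by another AS

def accept_inbound(route, deny):
    """Inbound eBGP filter: drop prefixes equal to or inside a denied block."""
    return not any(route[0].subnet_of(d) for d in deny)

def build_rib(routes):
    """Per prefix, install the route with the lowest administrative distance."""
    rib = {}
    for prefix, distance, next_hop in routes:
        if prefix not in rib or distance < rib[prefix][0]:
            rib[prefix] = (distance, next_hop)
    return rib

def resolve(rib, dest, depth=0):
    """Longest-prefix match, recursing on the next hop until an interface is reached."""
    addr = ipaddress.ip_address(dest)
    matches = [p for p in rib if addr in p]
    if not matches or depth > 8:
        return None
    next_hop = rib[max(matches, key=lambda p: p.prefixlen)][1]
    return next_hop if next_hop.startswith("if:") else resolve(rib, next_hop, depth + 1)

def egress(next_hop_self=False, deny=()):
    """Interface used for 203.0.113.9, a destination learned from an IX peer over iBGP."""
    ibgp_nh = "10.0.0.1" if next_hop_self else "198.32.176.20"
    ebgp = [r for r in [LEAK] if accept_inbound(r, deny)]
    rib = build_rib(IGP + [(net("203.0.113.0/24"), IBGP, ibgp_nh)] + ebgp)
    return resolve(rib, "203.0.113.9")

if __name__ == "__main__":
    print("unfiltered, DMZ next hop:", egress())                    # if:transit
    print("inbound filter on DMZ:   ", egress(deny=[DMZ]))          # if:ix-border
    print("next-hop-self, no filter:", egress(next_hop_self=True))  # if:ix-border
```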



