[81421] in North American Network Operators' Group
Re: Active BGP Probing and large AS-sets
daemon@ATHENA.MIT.EDU (Lorenzo Colitti)
Thu Jun 9 10:46:55 2005
Date: Thu, 09 Jun 2005 16:46:25 +0200
From: Lorenzo Colitti <lorenzo@ripe.net>
To: Martin Hannigan <hannigan@verisign.com>
Cc: nanog@merit.edu
In-Reply-To: <A206819EF47CBE4F84B5CB4A303CEB7A5214DE@dul1wnexmb01.vcorp.ad.vrsn.com>
Errors-To: owner-nanog@merit.edu
Hannigan, Martin wrote:
> Yes, but last time you said you were going to use
> _other peoples_ ASN's to test with and allow these
> announcements beyond your borders.
>
> Is this still the case?
The probing AS (call it Z) announces one of its prefixes to the Internet
with an AS-path that is not just Z but Z {a,b,c...}, where a,b,c,... are
the numbers of other ASes in the Internet.
For the technique to be useful, the numbers in the set must belong to
ASes that actually receive Z's announcements. These ASes will not use or
propagate the route, effectively "disappearing" from the Internet as far
as the prefix is concerned. This causes alternate and backup paths, not
normally visible, to become active for that prefix.
By looking at RIS and RV and the looking glasses of other ASes, Z can
then see who propagates the prefix, where its announcements go, if other
ASes have particular preferences for particular paths to it, and so on.
Apart from the different AS-path, the prefix is announced in the same
way as all the other prefixes belonging to Z.
So yes, the ASes inserted in the AS-set are operated by others, and yes,
the announcements are sent out to the Internet at large.
Regards,
Lorenzo
--
lorenzo@ripe.net colitti@dia.uniroma3.it
www.ripe.net www.dia.uniroma3.it/~compunet
RIPE NCC Roma Tre Computer Networks research group
