Firewall Wizards mailing list archives

Re: dual ISP connections
From: "Eagle Fire" <tlecuauhtli () googlemail com>
Date: Thu, 6 Jul 2006 10:08:25 +0100

   Yes, that is true. It is not good to split contiguous address space.
I guess I did not explain it well, I apologize for that.

   I meant, if you have several non-contiguous "/something" you can
announce some of them to one ISP with some pre-pend information and
some others to the other ISPs. But it is just a specific solution for
some very specific situations.

-ef

On 05/07/06, Patrick M. Hausen <hausen () punkt de> wrote:
Hello!

The outgoing is not so hard with BGP. The incoming traffic is the
interesting thing.

True.

You can pre-pend some AS info to one of your ISPs,
but sometimes the balancing is completely unbalanced. Also you can split
your IP space to try to balance some traffic.

Splitting your IP space into smaller pieces is strongly discouraged.
You are cluttering the default free zone with multiple prefixes
where one would be sufficient and your announcements may even be
filtered and blocked. E.g. in the RIPE area the smallest PA allocation
is a /20. There are ISPs who assume that any longer prefix
out of the RIPE address range is a bogus announcement.

Reasonable upstreams provide community attributes to prepend when
announcing to certain big players. E.g. one of our upstreams:

$ whois -r AS12306
...
remarks:        C o m m u n i t y    D e f i n i t i o n s
remarks:
remarks:        12306:1000   do not announce at the DE-CIX
remarks:        12306:1011   single prepend when announcing at the DE-CIX
remarks:        12306:1012   double prepend when announcing at the DE-CIX
remarks:        12306:1013   triple prepend when announcing at the DE-CIX
remarks:        12306:1014   quad prepend when announcing at the DE-CIX
remarks:
remarks:        12306:3000   do not announce to DTAG AS3320
remarks:        12306:3011   single prepend when announcing to DTAG AS3320
remarks:        12306:3012   double prepend when announcing to DTAG AS3320
remarks:        12306:3013   triple prepend when announcing to DTAG AS3320
remarks:        12306:3014   quad prepend when announcing to DTAG AS3320
remarks:
remarks:        12306:4000   do not announce at the INXS
remarks:        12306:4011   single prepend when announcing at the INXS
remarks:        12306:4012   double prepend when announcing at the INXS
remarks:        12306:4013   triple prepend when announcing at the INXS
remarks:        12306:4014   quad prepend when announcing at the INXS
remarks:
remarks:        12306:9100   do not announce to CW
remarks:        12306:9111   single prepend when announcing to CW
remarks:        12306:9112   double prepend when announcing to CW
remarks:        12306:9113   triple prepend when announcing to CW
remarks:        12306:9114   quad prepend when announcing to CW
remarks:
remarks:        12306:9200   do not announce to ABOVENET AS6461
remarks:        12306:9211   single prepend when announcing to ABOVENET
remarks:        12306:9212   double prepend when announcing to ABOVENET
remarks:        12306:9213   triple prepend when announcing to ABOVENET
remarks:        12306:9214   quad prepend when announcing to ABOVENET
remarks:
...


Regards,

Patrick M. Hausen
Leiter Netzwerke und Sicherheit
--
punkt.de GmbH         Internet - Dienstleistungen - Beratung
Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe       http://punkt.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
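
Added example, not part of the original messages: one way to turn "remarks:" lines in the format quoted above into a lookup table and pick the communities to tag on an announcement sent to that upstream. The function names and the policy format are hypothetical, and the sample is a constructed subset of the quoted output.

```python
import re

# Constructed sample: a subset of the "remarks:" lines quoted in the message above.
SAMPLE = """\
remarks:        C o m m u n i t y    D e f i n i t i o n s
remarks:
remarks:        12306:1000   do not announce at the DE-CIX
remarks:        12306:1012   double prepend when announcing at the DE-CIX
remarks:        12306:3000   do not announce to DTAG AS3320
remarks:        12306:3012   double prepend when announcing to DTAG AS3320
remarks:        12306:9200   do not announce to ABOVENET AS6461
remarks:        12306:9211   single prepend when announcing to ABOVENET
"""

PREPENDS = {"single": 1, "double": 2, "triple": 3, "quad": 4}
LINE = re.compile(
    r"^remarks:\s+(?P<comm>\d+:\d+)\s+"
    r"(?:(?P<no>do not announce)"
    r"|(?P<n>single|double|triple|quad) prepend when announcing)"
    r"\s+(?:at the|to)\s+(?P<target>[\w-]+)(?:\s+AS\d+)?\s*$"
)

def parse_communities(text):
    """Return {target: {prepends: community}}; key None means 'do not announce'."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headings, empty remarks, "..." and unrelated attributes
        count = None if m.group("no") else PREPENDS[m.group("n")]
        # The optional "AS<n>" suffix is dropped so "ABOVENET AS6461" and
        # "ABOVENET" land under the same target.
        table.setdefault(m.group("target"), {})[count] = m.group("comm")
    return table

def communities_for(table, policy):
    """policy: {target: prepends}; 0 = leave untagged, None = do not announce.
    Raises KeyError rather than guessing a community the upstream did not publish."""
    return sorted(table[t][n] for t, n in policy.items() if n != 0)

if __name__ == "__main__":
    tbl = parse_communities(SAMPLE)
    print(communities_for(tbl, {"DTAG": 2, "DE-CIX": None, "ABOVENET": 0}))
```
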


