Home page logo
/

nanog logo nanog mailing list archives

Re: Ettiquette and rules regarding Hijacked ASN's or IP space?
From: Jack Bates <jbates () brightok net>
Date: Mon, 09 Jun 2003 15:52:36 -0500


Andy Dills wrote:


What sorts of 'unique' routing policies justify an ASN?


ISP has a corporate customer that decides to multi-home. While ISP is not multi-homed themselves, they must have an ASN to speak BGP and pass routing information between their corporate customer and their provider.

So an ISP may not quite fit the bill. Imagine a holding company that oversees a bunch of companies with independant networks, yet they all meet up at the holding company's network. For ease of maintenance between the companies (let's say there's 10 of them), they run BGP with private ASNs and the holding company default routes to their provider. Company X decides that they have a more network sensitive application which requires extra redundancy. They bring up a circuit to another network, get an ASN (as they are multi-homed now). In order for this to work, the Holding company must run an ASN and speak bgp to it's provider (and confederates are our friend).

I'm sure there are weirder routing policies, and some may even qualify for an ASN and BGP without any section of the network or it's downstreams being multi-homed. In some cases, it may be convenience or security.

For example. In the above senario, what if some of the real IP addresses held by a few of the companies should only be routed between the companies and not out to the public Internet. In such a senario, one could say that packet filtering is adequate, although not routing the netblock to begin with would definately be more secure (and fall under a routing policy requiring BGP in a non-multi-homed senario). With the holding company running BGP to it's provider, which netblocks get routed to the public and which go to companies X, Y, and Z only is trival. The RiR's do not dictate what proper routing policy is. They manage the assignments. Obviously, if all the companies fit within a /22, there might be some complaints. If the companies had a /18+ of address space, there might be just cause to allow them to do BGP and thus have an ASN, even with a single peer.


-Jack


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]