nanog mailing list archives

Re: Level 3 BGP Advertisements
From: "Nick Olsen" <nick () flhsi com>
Date: Wed, 29 Aug 2012 15:51:10 -0400

Thanks for the input Jon.
I should note that is exactly what we are doing. The /24's are actually 
tagged with the advertise to customers, prepend to peers community.

Nick Olsen
Network Operations (855) FLSPEED  x106

----------------------------------------
From: "Jon Lewis" <jlewis () lewis org>
Sent: Wednesday, August 29, 2012 3:48 PM
To: "Nick Olsen" <nick () flhsi com>
Subject: Re: Level 3 BGP Advertisements

On Wed, 29 Aug 2012, Nick Olsen wrote:

Anyways, I've always thought that was standard practice. And it's never
been a problem. Until we brought up peering with level 3..

No...I'd call that global table pollution.  In general, there's no reason 
you should announce your CIDRs and all their /24 subnets.

I noticed that while the /24's made it out to the world. The larger
counterparts (2 /21's and a /20) did not. So, I start sniffing around.
Find that I do indeed see the prefixes in Level 3's looking glass but they
aren't handing it off to peers. So, naturally, I land on this being some
kind of prefix filtering issue and open a ticket with Level 3. They tell
me this is standard practice. And if I want to see the /20 or /21's make it
out to the rest of the world, I need to stop sending the /24's.

Does this sound normal?

No.  I announce to Level3 our IP space and 2 subnets of each CIDR (i.e. 
/17 + 2 /18 subnets of that /17, etc.), but I use community tags (and 
other tricks) to mark the more specifics as advertise to [certain] L3
customers only, and let the less specifics out to the world.  The only 
problems I've had with this have been when L3 peers have become customers,
and one L3 customer doing something odd (never did find out what) that
caused them to effectively null route our space until I kept them from 
seeing the more specifics (creative abuse of loop detection).

Level3's prefix filter for your session should be built based on IRR data.
If it's not doing what you want, you probably haven't set up the IRR data
properly.

----------------------------------------------------------------------
Jon Lewis, MCP :)           |  I route
Senior Network Engineer     |  therefore you are
Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
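
An added example, not part of the original thread: one way to audit announcements against IRR route objects, which is what the reply says the provider's prefix filter is built from. The prefixes, the ASNs (AS64500, AS64511) and the two filter modes (exact match, or more specifics allowed up to a maximum length) are constructed assumptions, not Level 3's actual policy.

```python
import ipaddress

# Constructed RPSL route objects (private address space, documentation ASNs).
IRR_TEXT = """\
route:   10.10.0.0/20
origin:  AS64500
route:   10.10.16.0/21
origin:  AS64500
route:   10.10.0.0/24
origin:  AS64500
route:   10.10.24.0/21
origin:  AS64511
"""

def parse_route_objects(text):
    """Return [(network, origin)] from IPv4 RPSL route objects."""
    objects, prefix = [], None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "route":
            prefix = ipaddress.ip_network(value)
        elif key == "origin" and prefix is not None:
            objects.append((prefix, value.upper()))
            prefix = None
    return objects

def audit(announced, objects, origin, max_len=None):
    """Classify each announced prefix against a filter built from `objects`.
    max_len=None models an exact-match filter; an int models 'le max_len'."""
    registered = [net for net, asn in objects if asn == origin]
    result = {}
    for text in announced:
        net = ipaddress.ip_network(text)
        if net in registered:
            result[text] = "exact"       # a route object matches exactly
        elif max_len is not None and net.prefixlen <= max_len and any(
                net.subnet_of(r) for r in registered):
            result[text] = "covered"     # more specific of a registered route
        else:
            result[text] = "unregistered"  # no object for this origin
    return result

# Constructed announcement set: an aggregate, /24 more specifics, two /21s.
ANNOUNCED = ["10.10.0.0/20", "10.10.0.0/24", "10.10.1.0/24",
             "10.10.16.0/21", "10.10.24.0/21"]

if __name__ == "__main__":
    for mode in (None, 24):
        print(mode, audit(ANNOUNCED, parse_route_objects(IRR_TEXT), "AS64500", mode))
```

Anything reported as `unregistered` is a prefix an IRR-built filter has no basis to accept: here 10.10.24.0/21 is registered under a different origin, and 10.10.1.0/24 passes only if the filter permits more specifics.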

