Hey there. Due to the pigheadedness of a specific ISP (which I will *not*
allude to in any way, shape, or form, so don't bother asking), and in the
interest of conserving IP addresses, I've been faced with quite a challenge.
- The Premise:
A parent organization has an unused /16 of address space, for argument's
sake, let's say it's 172.16.0.0/16. It's out of the old "class B" address
range. Two groups within the organization want to bring up independent
Internet datacenters, and need /18 of address space, each. Since the parent
organization owns an unused /16, the IP registry refuses to give the child
organizations any address space - they insist all address blocks assigned to
the parent organization be used, first.
ISPph (ph=pigheaded) has a BGP policy that filters out all routes in
128.0.0.0/2 longer than /16.
- The network:
One group has Internet connectivity to 2 Tier1 ISPs (ISPa and ISPb) in North
America. They announce out 172.16.0.0/18 to both ISPs from AS65001.
The other group gets Internet connectivity to ISPc and ISPd in South
America. They announce 172.16.64.0/18 to their ISPs from AS65002.
There is no private network connectivity or backbones between the 2
companies.
- The result:
ISPph blocks out the /18s at the peering connections to ISPa, ISPb, ISPc,
and ISPd. So, customers of ISPph cannot see servers on AS65001 or AS65002.
- The workaround:
We announce 172.16.0.0/16 as well as 172.16.0.0/18 from AS65001 to ISPa and
ISPb. In our preliminary testing, we've found that what happens is that
ISPph would route traffic to 172.16.64.0/18 to ISPa (or ISPb, but we'll
assume ISPa has a better connection to ISPph), because it learned the
172.16.0.0/16 route from there. ISPa is hearing the *more specific* /18
from ISPc and ISPd, so it transits the traffic over to ISPc, which then
delivers it to the South American site.
- Questions:
1) Is there a reason to announce the /16 from both ASs? Is that "legal?"
2) Under normal situations (assume no link failures) would this cause any
problem?
3) Is there a link failure scenario that would cause the /16 to create a
blackhole for the 172.16.64.0/18 network?
4) Would you recommend this as a fix?
Of course, it would make ISPa transit for ISPph, but they're pigheaded
enough to make the Internet suck that way.
Thanks for your time!
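
[Added example, not part of the original message.] A small longest-prefix-match model of the topology described above, showing ISPph's filter, the /16 workaround, and one failure case relevant to question 3. The one-next-hop-per-route tables, the choice of ISPa and ISPc as the transit path, and the assumption that AS65001 carries no route for the /18 it does not host are simplifications made for this sketch.

```python
import ipaddress as ip

CLASS_B = ip.ip_network("128.0.0.0/2")  # old "class B" range named in the post

def ispph_accepts(prefix):
    """ISPph policy from the post: drop routes in 128.0.0.0/2 longer than /16."""
    net = ip.ip_network(prefix)
    return not (net.subnet_of(CLASS_B) and net.prefixlen > 16)

def lookup(rib, dst):
    """Longest-prefix match: next hop of the most specific covering route."""
    addr = ip.ip_address(dst)
    nets = [(ip.ip_network(p), nh) for p, nh in rib.items() if addr in ip.ip_network(p)]
    return max(nets, key=lambda m: m[0].prefixlen)[1] if nets else None

def trace(ribs, start, dst, max_hops=8):
    """Follow next hops from `start` until delivery, a drop, or a loop."""
    path, node = [start], start
    for _ in range(max_hops):
        nh = lookup(ribs.get(node, {}), dst)
        if nh is None:
            return path + ["DROP"]
        if nh == "local":
            return path + ["DELIVERED"]
        path.append(nh)
        node = nh
    return path + ["LOOP"]

def build(announce_16=True, ispa_hears_south_18=True):
    """Constructed routing tables for the post's topology (simplified)."""
    to_ispa = {"172.16.0.0/18": "AS65001"}
    if announce_16:
        to_ispa["172.16.0.0/16"] = "AS65001"   # the workaround
    if ispa_hears_south_18:
        to_ispa["172.16.64.0/18"] = "ISPc"     # more specific learned via ISPc
    return {
        "ISPph": {p: "ISPa" for p in to_ispa if ispph_accepts(p)},
        "ISPa": to_ispa,
        "ISPc": {"172.16.64.0/18": "AS65002"},
        "AS65001": {"172.16.0.0/18": "local"},  # assumption: no route to the other /18
        "AS65002": {"172.16.64.0/18": "local"},
    }

if __name__ == "__main__":
    dst = "172.16.64.10"  # constructed host in the South American /18
    print("no /16 announced:", trace(build(announce_16=False), "ISPph", dst))
    print("with /16        :", trace(build(), "ISPph", dst))
    print("ISPa loses /18  :", trace(build(ispa_hears_south_18=False), "ISPph", dst))
```

In the third case ISPa no longer holds the more specific /18, so the covering /16 pulls the traffic to AS65001, which has no path to the South American site.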