Consequences of BGP Peering with Private Addresses

James_Grace · June 15, 2011, 4:47pm

Hey All,

So we're running out of peering space in our /24 and we were considering using private /30's for new peerings. Are there any horrific consequences to picking up this practice?

Cheers,
James

ianai · June 15, 2011, 4:54pm

"Horrific"? How about: "Most peers won't bring up a session."

What happens if the peer is using 1918 space internally?

Nick_Hilliard3 · June 15, 2011, 4:54pm

yes. it causes nasty problems if you use urpf (as you should), in particular with pmtu discovery and traceroute.

Nick

Ca_By · June 15, 2011, 4:56pm

You can reclaim space by switching your peerings to /31s where possible.

If you go down the private space route, make sure you and your peers
know about "next hop self"

Cameron

Isabel_Dias · June 15, 2011, 4:59pm

IPv4? IPv6?

are you planning to do NAT or PAT?
Are you using a bogous ASN 64512 through 65534 to be used for private purposes?
/30 -> 4 addresses/2 hosts -> you can't do a mesh configuration w/ that subnet mask..........

Isabel_Dias · June 15, 2011, 5:07pm

i guess you have a lot of ibgp sessions ..........

bgp finite state model
http://www.inetdaemon.com/tutorials/internet/ip/routing/bgp/operation/finite_state_model.shtml

http://docs.google.com/viewer?a=v&q=cache:C5Rq3DV63akJ:citeseerx.ist.psu.edu/viewdoc/download%3Fdoi%3D10.1.1.71.3908%26rep%3Drep1%26type%3Dpdf+BGP+finite+machine&hl=en&gl=uk&pid=bl&srcid=ADGEESiwviFqLXrhPybI3RwpVftr_qlgTSZbIzw2b6rlIEAKE8pqIN-D_2BpJIDacMx18AVSBpZtVAYLoPiUcsLbzDOVAcH9whrXJqB8zFm6R7ImuKNoC8dkYD_OHliYNrldoLGde9Hc&sig=AHIEtbQa0Typ1WE3rB9ztWZaYFIA8t-mag

http://tools.ietf.org/html/rfc4271

Jeff_S_Wheeler1 · June 16, 2011, 11:09am

I agree with other posters that this is not a good practice. Is it
somehow not possible for you to obtain additional address space? Can
you not use neighbor-assigned /30s more frequently to avoid exhausting
your existing allocation?

For eBGP neighbors, I would sooner use non-unique /30s than utilize
RFC1918 space. While this would not allow for correct reverse DNS,
and traceroute would be less obvious, it has fewer disadvantages than
assigning RFC1918 for your peer link-nets. You will need to re-write
next-hop towards iBGP neighbors, though (using next-hop-self or
translating to internal numbers for routing protocol use) and you
should not re-use the same /30 twice on the same ASBR.

This may sound crazy, and it is certainly not an ideal way of doing
things; but it is an alternative worth consideration as networks
exhaust their available IPv4.

Tom_Hill · June 16, 2011, 12:44pm

I was going to mention this, but it's only the neighbor address that is
IPv6. You still need an IPv4 next-hop and that is where the issue is in
using RFC1918 within this scenario.

Tom

Leigh_Porter · June 16, 2011, 1:28pm

And that will teach me not to read the thread!

asrnanog · June 16, 2011, 1:33pm

Also absent from this discussion is that the RIRs are still issuing
address space, and interface addressing is perfectly reasonable
justification.

-a

Gaurab_Raj_Upadhaya · June 17, 2011, 1:33am

This might summarize it nicely.

http://www.ietf.org/id/draft-kirkham-private-ip-sp-cores-04.txt

- -gaurab

- --

http://www.gaurab.org.np/

Dobbins_Roland · June 22, 2011, 4:10am

<http://tools.ietf.org/html/draft-kirkham-private-ip-sp-cores-04>