de-peering and peering

Steve:

  Thanks for the reply. But when doing a traffic engineering i have the following problem. Consider the scenario.

Let us say Network A has a peering Agreement with Network B. Now let us say Network X wants to reach Network B. X and B do not have a peering agreement. Can Network A use the peering Link between A nd B to route the traffic of network X.

What are the mechanisms in place in B's network to detect that Network A is transiting the data( in this case network B looser) from Network X?

Basically what I am trying to arrive at is: Suppose the peering arrangement between A and B were to be for data originating from A and B only(and not transited). Can A or B misuse the peering agreement by masquerading transit data as if its originating from its own n/w?

thx,
shashi

Steve Naslund wrote:

Wipro_Disclaimer.txt (490 Bytes)

Let us say Network A has a peering Agreement with Network B. Now let us
say Network X wants to reach Network B. X and B do not have a peering
agreement. Can Network A use the peering Link between A nd B to route
the traffic of network X.

In the most common sense of the word "peering", no, it cannot.

What are the mechanisms in place in B's network to detect that Network A
is transiting the data( in this case network B looser) from Network X?

Network monitoring, statistics, sometime actual packet filters fed from RADB.
Sometimes pure luck: one day, a traceroute will reveal the trick.

Basically what I am trying to arrive at is: Suppose the peering
arrangement between A and B were to be for data originating from A and B
only(and not transited). Can A or B misuse the peering agreement by
masquerading transit data as if its originating from its own n/w?

Technically yes (some technical measures can be used against that). But it is a violation of the typical peering agreement and it will raise trouble

What is normally done is that we configure BGP so that we only advertise
routes to
our AS (and our customers ASs) over a peering connection. This would
prevent the peer from seeing any other
networks through that connection. If it is a smaller peer we also put up
filters that
allow only their IP blocks as the source and only route to their IP blocks
as the destination.
For larger peers with lots of blocks, this is difficult but the honor system
works pretty
well and you would have to do quite a bit of hands on work to fake out the
BGP filter.

To prevent you from coming in via a peering connection and out over my
transit links we
also filter the incoming connection from the transit provider to make sure
the traffic
is going to one of my IP blocks or one of my customer owned blocks. This
sounds complex
but most of our allocations are large so you are only talking about 10 or so
blocks.

Because it is a peering connection, it would be easy enough to dump a peer
you caught
cheating. We have been known on occasion to help out an especially helpful
peer. For
example, if you were my peer and you had lost your main transit connection,
I may have
enough bandwidth to drop my filters and provide you transit for a reasonable
time. This
is kind of being a good citizen and usually you can count on having the
favor returned.
Another favor we have done is this. Say for example that Digex can't get to
AboveNet (just
an example), if I am peered with both, I might allow transit between them
until they can get
their routing sorted out.

Abusing a peering session would be suicide from a business point of view
because getting
peering agreements at all means maintaining a good reputation. Regardless
of all the studies
that people claim to use to determine who to peer with, it all boils down to
whether we like
you or not and want to help out. One good example is that we generally
allow peering with almost
anyone as long as they are operating a good sized network and we will do
alot to help schools,
non-profits, and community networks. We also go out of our way to help
research organizations
such as the Department of Energy labs and university projects.

Overall peering helps the overall reliability of the Internet and
decentralizes traffic. We try to peer
unless we can find a good reason no to. Unfortunately a lot of people do
not adhere to bilateral peering agreement but we found them quite useful.
Our policy was that we would
look at private peering circuits on an individual basis and probably make
you pay the line costs but if
you are at one of the NAPs, we would peer with you there with no questions
asked. The logic behind it is
that if you have gone to the trouble of getting your own NAP connection, you
are important enough to peer
with and the expense of peering at the NAP is minimal anyway. It also
limits my network isolation when
my transit provider dies.

Steve

Basically what I am trying to arrive at is: Suppose the peering
arrangement between A and B were to be for data originating from A and B
only(and not transited).

Thats basically how peering agreements work.

Can A or B misuse the peering agreement by masquerading transit data as
if its originating from its own n/w?

You can abuse a peer to make it carry traffic it normally wouldn't by
doing things like:

- Pointing default, or setting a default route to your peer. This implies
  that you are using the link in a transit capacity, but really any route
  that isn't being advertised to you qualifies. At older L2 exchange points
  with everyone in a single peering vlan, you can people people dump traffic
  on you without ever being a peer.
- Resetting nexthop, or changing the nexthop on other existing routes,
  such as through a route-map. This accomplishes the same thing as above,
  but may be a little more stealthy, using routes that you know may not
  attract much attention, such as other peers of your peer.
- Selling or giving next-hop to a third-party. This is basically just the
  act of selling your peering routes to someone else. It may or may not be
  that bad, but most people have rules against it anyways.

If this is a peer with joe schmuck ISP down the street, there may not be
any formal legal agreement preventing these activities, and the worst that
would happen is they disconnect you and maybe spread the word about your
activities to other people you might want to peer with. If this is a
larger peer, they probably made you sign a peering agreement with specific
legal language, and are probably also more then willing to take you to
court for the services "stolen".

I even recall Paul Vixie saying that if you were caught defaulting into a
peer at a PAIX facility, they would seize your equipment and you would
have to sue them to get it back (though you would probably win, and if you
happened to have a recording of that NANOG you might even be able to prove
that it was premeditated and/or malicious activity). I'm not a terribly
big fan of people waving their lawyers around trying to scare others into
believing they can do illegal things (like Exodus and the unilateral "by
reading this email, you consent to our NDA" tagline nonsense), but lawyers
do cost money and big providers probably have more of them then you do.

That doesn't mean people don't abuse peers though. I don't know anyone
offhand who does, but I do know quite a few large ISPs that either until
very recently did nothing or continue to do nothing to prevent people from
abusing them. But all it takes is one bored engineer or one traceroute
from the wrong person, and you're busted.

What are the mechanisms in place in B's network to detect that Network A
is transiting the data( in this case network B looser) from Network X?

Well for the kind of abuse we're talking about here (networks dumping
traffic which doesn't belong into your peer), you can pretty much
discourage them by not routing it.

Some techniques that are used are:

- For non-peers dumping traffic at shared-vlan peering points, MAC filters.
- If you are big enough to have routers dedicated to just peering, don't
  carry anything other than customer routes on that router, and set a
  default route to null0. One peer can still route into another peer on
  that router, but it severely limits the scope of traffic they can dump
  into you.
- If you are lucky smart to have Juniper routers, setup a seperate
  routing-instance for each peer, with a discard route as default. Cisco
  has this functionality too (VRF) but it is considered VPN and usually
  isn't available on the trains of code you want to be running on your
  routers.
- If you have a Crisco, check out the BGP Policy Accounting feature. This
  will let you check counters and see if someone is dumping traffic they
  shouldn't be. Follow up with the clue bat.

I don't really know of any good way to prevent another network from
selling your nexthops. You can do something like RPF check your peers, but
then you can run into asymetric routing issues. But just like anyone who
is involved in selling "stolen" merchandise, they usually get busted when
they piss off someone who knows about their activities and they get ratted
out.