>>> I'm reasonably certain a customer of ours who is using one of our
>>> netblocks is using a different reverse path to reach us. How might I
>>> figure out who is allowing them to source traffic from IPs that belong
>>> to us?
>> you are implying that they are not allowed to multi-home using the ip
>> space you have assigned to them. good way to lose a customer.
> Does it count as multihoming when we are the only ones announcing the
> space?
almost an interesting question. but i think it is playing with words.
if i understand your original statement, they are clearly attached to at
least two providers.
perhaps it is fear of what they, possibly mistakenly, perceive to be
your policy regarding announcement of space that keeps them from
announcing normally to both, or more, links?
It could also be something simple like pricing. For example, in a large
colo facility, you might easily find that a number of providers offer
low cost transit, but not IP space. For a customer who is heavy on the
outbound traffic, they might find it more affordable to buy their inbound
plus IP space from you, and then dump onto Cogent or something like that
for outbound. Unless your contract specifically prohibits this, you're
probably not going to be able to prevent it.
... JG
[attributions lost]
> >>> I'm reasonably certain a customer of ours who is using one of our
> >>> netblocks is using a different reverse path to reach us. How might I
> >>> figure out who is allowing them to source traffic from IPs that belong
> >>> to us?
> >> you are implying that they are not allowed to multi-home using the ip
> >> space you have assigned to them. good way to lose a customer.
> > Does it count as multihoming when we are the only ones announcing the
> > space?
>
> almost an interesting question. but i think it is playing with words.
> if i understand your original statement, they are clearly attached to at
> least two providers.
>
> perhaps it is fear of what they, possibly mistakenly, perceive to be
> your policy regarding announcement of space that keeps them from
> announcing normally to both, or more, links?
It wasn't clear that the customer was a BGP downstream, though by saying
'We are the only ones announcing the space', I think not. Non-BGP
multihoming is broken* and when not done out of ignorance generally is
the smoke pointing to the fire of someone trying to hide something.
Was very common for spammers to abuse no-uRPF networks in the early
days of broadband.
> It could also be something simple like pricing. For example, in a large
> colo facility, you might easily find that a number of providers offer
> low cost transit, but not IP space. For a customer who is heavy on the
> outbound traffic, they might find it more affordable to buy their inbound
> plus IP space from you, and then dump onto Cogent or something like that
> for outbound. Unless your contract specifically prohibits this, you're
> probably not going to be able to prevent it.
I wonder if there is a drift of baseline assumptions between the current
wave of operators and previous ones? To me (and BCP38) it is beyond bad
practice to allow -and if allowed, to make use of- such sloppy edges.
If the other network truly is practicing bad forwarding hygiene then
they are a security problem for everyone else and IMO would be good for
naming and shaming.
Cheers,
Joe
* for the majority of the cases. I know there are purposeful Non-BGP
MOAS/anycast purposefully run by those who understand the implications.
It is unfortunate that their use of lack of inherent BGP path security
contributes to fuzzing what would otherwise have been a clear indicator
of 'bad' behavior. But same could be said for the deaggregators
using longest-match to have everyone else do their TE; water under
the bridge pushing work onto everyone else.
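
Added example, not part of the thread: one way to approach the original question is to look for packets sourced from your own netblock that enter your network on a non-customer interface, and count them per adjacent network. It assumes you export flow records tagged with ingress interface and adjacent network; the netblock, interface names, AS numbers and flow records are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions (all constructed for illustration): our netblock, the
# interface names, the AS numbers and the flow records below are not
# taken from the thread.
OUR_NETBLOCKS = [ipaddress.ip_network("192.0.2.0/24")]
# Interfaces where sources from our own space are expected.
CUSTOMER_INTERFACES = {"cust-acme"}

# Constructed flow records: (ingress interface, adjacent network, src, dst)
FLOWS = [
    ("cust-acme", "customer", "192.0.2.10", "198.51.100.7"),
    ("transit-a", "AS64500", "192.0.2.10", "203.0.113.5"),
    ("transit-a", "AS64500", "192.0.2.11", "203.0.113.9"),
    ("peer-b", "AS64501", "198.51.100.7", "203.0.113.5"),
    ("peer-b", "AS64501", "192.0.2.200", "203.0.113.5"),
]


def is_ours(addr):
    """True if addr falls inside one of our netblocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OUR_NETBLOCKS)


def own_space_on_external(flows):
    """Count flows whose source is in our space but which entered on an
    interface that is not a customer port, keyed by adjacent network."""
    hits = Counter()
    for iface, neighbor, src, _dst in flows:
        if iface not in CUSTOMER_INTERFACES and is_ours(src):
            hits[neighbor] += 1
    return dict(hits)


def offending_sources(flows):
    """Distinct own-space source addresses seen on external interfaces."""
    seen = {src for iface, _n, src, _d in flows
            if iface not in CUSTOMER_INTERFACES and is_ours(src)}
    return sorted(seen, key=ipaddress.ip_address)


if __name__ == "__main__":
    print(own_space_on_external(FLOWS))
    print(offending_sources(FLOWS))
```

The adjacent network in the result is only where the traffic entered your network; the network that accepted it from the customer without source validation may be further upstream.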