RE: Strange practices?

Murphy_Jay_DOH · June 7, 2010, 9:59pm

"So if the enterprise loses connectivity to one of these two providers, does the provider without working connectivity to the enterprise have mechanism in place to cease originating the address space?"

Yes, BGP updates.

~Jay Murphy
IP Network Specialist
NM State Government

IT Services Division

PSB - IP Network Management Center

Santa Fé, New México 87505

Bus. Ph.: 505.827.2851

"We move the information that moves your world."

"Good engineering demands that we understand what we're doing and why, keep an open mind, and learn from experience."

"Engineering is about finding the sweet spot between what's solvable and what isn't."

Radia Perlman

P Please consider the environment before printing e-mail

Confidentiality Notice: This e-mail, including all attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited unless specifically provided under the New Mexico Inspection of Public Records Act. If you are not the intended recipient, please contact the sender and destroy all copies of this message. -- This email has been scanned by the Sybari - Antigen Email System.

Steve_Bertrand3 · June 7, 2010, 10:38pm

...again, I'm confused.

BGP updates from where to where? From how I understand the OP's original
question, there is no BGP.

Hence, if one of the providers is statically routing the prefix to an
interface or un-numbered as opposed to an IP address, then blackholing
can occur if IP reachability is broken, but the link-layer is not. Is
this not correct?

Steve

Alan_Hetzel · June 7, 2010, 10:41pm

Perhaps the providers BGP is just being fed from interface anchored static
routes which will, hopefully, drop out if the customer facing interface goes
down. Of course, this is realistic if we're talking about actual circuits
like a T-1, not so much if we're talking metro ethernet or something...

Bill_Fehring · June 7, 2010, 10:42pm

Um, it wasn't a trick question Jay, and as others have stated, since
the providers are statically routing this address space to their
common customer, this would require a coordinated effort to manually
(or preferably automatically) shutdown the advertisement should
connectivity be lost to the customer. There are a number of ways that
could be achieved, but it's obviously important that it is.

-Bill

Murphy_Jay_DOH · June 7, 2010, 10:48pm

Steve,

We are obviously interpreting this in different slants.
Definition of Transit service: for example, AS200 is said to receive transit service from, let's say AS3356, if through this connection, AS200 receives connectivity to the entire Internet and not only AS3356 and its customers.

Yes I understand the customer is using static, however, some providers use BGP, and they use BGP to peer with other ISPs, that's it.

~Jay Murphy
IP Network Specialist
NM State Government

IT Services Division
PSB – IP Network Management Center
Santa Fé, New México 87505
"We move the information that moves your world."
“Good engineering demands that we understand what we’re doing and why, keep an open mind, and learn from experience.”
“Engineering is about finding the sweet spot between what's solvable and what isn't."
Radia Perlman
 Please consider the environment before printing e-mail

Murphy_Jay_DOH · June 7, 2010, 10:52pm

Right on...

~Jay Murphy
IP Network Specialist
NM State Government

IT Services Division

PSB - IP Network Management Center

Santa Fé, New México 87505

"We move the information that moves your world."

"Good engineering demands that we understand what we're doing and why, keep an open mind, and learn from experience."

"Engineering is about finding the sweet spot between what's solvable and what isn't."

Radia Perlman

P Please consider the environment before printing e-mail

Murphy_Jay_DOH · June 7, 2010, 10:58pm

Yes, I understand this point. So, elaborate on the answer... I am not making something simple, complex, homey.

~Jay Murphy
IP Network Specialist
NM State Government

IT Services Division
PSB – IP Network Management Center
Santa Fé, New México 87505
"We move the information that moves your world."
“Good engineering demands that we understand what we’re doing and why, keep an open mind, and learn from experience.”
“Engineering is about finding the sweet spot between what's solvable and what isn't."
Radia Perlman
 Please consider the environment before printing e-mail

Steve_Bertrand3 · June 7, 2010, 11:07pm

Steve,

We are obviously interpreting this in different slants.

Agreed

Definition of Transit service: for example, AS200 is said to receive transit service from, let's say AS3356, if through this connection, AS200 receives connectivity to the entire Internet and not only AS3356 and its customers.

Yes. The OP has transit through two separate ISPs. Neither of which
provide him a BGP session, because one of the providers doesn't seem
willing/capable to do so, even though the ISP who is responsible for the
space has provided the other with an LOA to allow the prefix to
originate from their ASN.

Essentially, the OP is transiting through both ISPs, but not providing
any transit services, and the transit path is provided via static routes
as opposed to dynamic ones.

Yes I understand the customer is using static, however, some providers use BGP, and they use BGP to peer with other ISPs,

s/some/real

...and not only for peering, but for transit (to the DFZ) as well.

that's it.

I have had a couple discussions with people off list. Although I don't
know the reasoning for the OP's ISP's decision to not use BGP, in cases
that I've dealt with this, it is usually due to lack of clue on how to
use private ASs, or BGP in general. These ISPs (in my experience) have
their DFZ-facing sessions set up by their upstreams, and don't have the
knowledge to configure BGP toward the clients.

Personally, if this is the case, then I'd be just as concerned with
their ability to ensure that a proper configuration to auto-detect
failure that causes removal of the prefix from their tables to avoid
blackholes. With that said, I'd also be just as concerned with their BGP
troubleshooting and filtering abilities if they were to offer a session.

Some of the smaller ISPs that fit this bill will actually allow you to
work with them and provide them advice along the way, if not even
contract the client as a consultant to ensure that this new-to-them
setup is documented properly so it can be re-used with other clients.

Also, I'm sure that it would be more work to co-ordinate the efforts for
a static setup like this between two providers than it would be to just
set up BGP. More documentation (and unnecessary static routes too).

Steve

sjk1 · June 8, 2010, 4:14am

Bill Fehring wrote: