Strange practices?

Has anyone ever heard of a multi-homed enterprise not running bgp with
either of 2 providers, but instead, each provider statically routes a block
to their common customer and also each originates this block in BGP? One
of the ISP's in this case owns the block and has even provided a letter of
authorization to the other, allowing them to announce it in BGP as well.
  I had personally never heard of this and am curious if this is a common
practice as well as if this would potentially create any problems by 2
Autonomous Systems both originating the same prefix.

Thanks

-Bill

* Dale Cornman:

I had personally never heard of this and am curious if this is a
common practice as well as if this would potentially create any
problems by 2 Autonomous Systems both originating the same prefix.

The 6to4 anycast gateway RFC practically mandates this, and it does
work when you're doing anycast. But with static routes, you cannot
handle some failure scenarios, and that's usually a good reason to stay
away from such setups. Of course, in the world of real routers, there
might be constraints such as lack of memory or processing power to handle
BGP. 8-/

Has anyone ever heard of a multi-homed enterprise not running bgp with
either of 2 providers, but instead, each provider statically routes a block
to their common customer and also each originates this block in BGP?

Yes; tends to happen for clueless endpoints or providers who don't
expressly require BGP for multihoming.

One
of the ISP's in this case owns the block and has even provided a letter of
authorization to the other, allowing them to announce it in BGP as well.
  I had personally never heard of this and am curious if this is a common
practice as well as if this would potentially create any problems by 2
Autonomous Systems both originating the same prefix.

MOAS prefixes are common in some content-origination applications, but
since you never know what the rest of the universe is going to do in
their routing & forwarding decisions, it really isn't generally applicable.

Have seen it a few times -- usually with enterprise customers who are
unable to manage their own routers and one ISP which has problems
configuring BGP on their client facing equipment.

Dale Cornman wrote:

I would say partitioning into two AS's like this is not a good thing. I wouldn't consider it a valid design myself, and would avoid it if possible.

If one of the AS's that is announcing the block, originates any traffic into the other AS for that block, the traffic will drop. I realize this ideally should not happen, but BGP uses arbitrary metrics, and people turn a lot of knobs, which makes weird things happen.

If someone were doing this themselves, I would say at least use a GRE tunnel with an iBGP link between the sites, but you're not going to get that out of these providers, so it's going to remain partitioned which should be thought through well as there may be issues with this.

Brian

Let me recant on what I said. I re-read and had myself confused (apologies). I see that the providers are using their own AS's. I still would not do this if it could be avoided, but the traffic won't be dropped like I had said, in the way I was thinking.

What I was thinking was a case where the same AS is announcing from two sites, which are not connected via iBGP. In that case default behavior is that the AS drops traffic from its own AS as this is how eBGP accomplishes loop prevention.

In the case that is being described this won't happen since each provider is using its own AS to announce from.

Brian

It's going to show inconsistent AS which some people may not like, but that's just ugly not broken. As the customer, it means your outgoing path selection is probably being made on the basis of some non-global attribute, and the return path is entirely at the mercy of your two isps...

I wouldn't do that because the alternatives are better and not exactly a lot of work, but will it work? yes.

joel

So if the enterprise loses connectivity to one of these two providers,
does the provider without working connectivity to the enterprise have
mechanism in place to cease originating the address space?

-Bill

"Has anyone ever heard of a multi-homed enterprise not running bgp with
either of 2 providers, but instead, each provider statically routes a block
to their common customer and also each originates this block in BGP?"

As stated before...yes this is a common practice.

"One of the ISP's in this case owns the block and has even provided a letter of
authorization to the other, allowing them to announce it in BGP as well."

Yes, one ISP owns the block, both will aggregate the blocks and announce the blocks to the global internet. BGP attributes will shape best path for routing; i.e., AS-PATH, ORIGIN, LOCAL PREF. MEDS should take care of "leaking" routes.

So, is this design scheme viable? Yes, it is.

~Jay Murphy
IP Network Specialist
NM State Government

IT Services Division
PSB – IP Network Management Center
Santa Fé, New México 87505

"We move the information that moves your world."
“Good engineering demands that we understand what we’re doing and why, keep an open mind, and learn from experience.”
“Engineering is about finding the sweet spot between what's solvable and what isn't."
               Radia Perlman
 Please consider the environment before printing e-mail

I understood the OP's question as one of concern. It sounds to me like
one of their ISPs can't/won't/doesn't know how to configure a
client-facing BGP session. I've run into this before, and it was due to
a lack of understanding/clue of how to peer with a multi-homed client
when the client didn't have their own ASN.

If that is the case, then I'd be concerned about situations where the
link goes down, but the advertisement is not removed from their
DFZ-facing sessions, possibly causing a black hole for traffic
transiting that ISP.

The work involved in co-ordinating two ISPs to detect and protect
against this type of situation is far more difficult than just
configuring BGP from the client out (imho).

Steve

Yes, the customer has an AS number, it's just from the private AS number block, e.g. AS 65000..when the block is routed to the AS running BGP, it is tagged with that ISP's public AS number, and announced to the world in this manner. OK, acknowledged. Clarify, "transiting"? Do you mean one ISP acts as a transit routing domain for another, or for traffic that "traverses" this particular ISP, which one?

~Jay Murphy

Yes, the customer has an AS number, it's just from the private AS number block, e.g. AS 65000..when the block is routed to the AS running BGP, it is tagged with that ISP's public AS number, and announced to the world in this manner.

...but the OP stated that he doesn't do any BGP with either upstream,
and instead relies on the upstreams to statically route the block to
him. I was getting at the usage of private-AS in my last post. Perhaps
I'm mis-understanding something.

Clarify, "transiting"?

The OP has two 'transit' providers, neither of which he has a BGP
session established. Both of his upstream ISPs provide transit for him
to the wider Internet.

Do you mean one ISP acts as a transit routing domain for another, or for traffic that "traverses" this particular ISP, which one?

Traverses. i.e. my upstream providers provide 'transit' services for
networks that I advertise to them, however, I don't allow any of my
peers to 'transit' my network.

Steve

Hi,

Has anyone ever heard of a multi-homed enterprise not running bgp with
either of 2 providers, but instead, each provider statically routes a block
to their common customer and also each originates this block in BGP? One
of the ISP's in this case owns the block and has even provided a letter of
authorization to the other, allowing them to announce it in BGP as well.
I had personally never heard of this and am curious if this is a common
practice

I have seen it quite often. It allows an enterprise to be multihomed
w/o getting PI or PA address space so they are usually pretty happy
with it.

as well as if this would potentially create any problems by 2
Autonomous Systems both originating the same prefix.

AFAIR prefixes can be originated by more than one AS so there
shouldn't be any issues.
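
The setup discussed in this thread, one prefix originated by two ASes under a letter of authorization, shows up in routing tables as a MOAS (multiple origin AS) prefix. The following is an added example, not part of any post in the thread: it groups constructed RIB lines by prefix, takes the rightmost AS in each path as the origin, and separates authorised MOAS from an origin nobody approved. The prefixes, AS numbers and the `AUTHORISED` table are assumptions made up for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "prefix as-path" lines as seen from several vantage
# points. Prefixes are documentation ranges (RFC 5737) and AS numbers are
# documentation ASNs (RFC 5398); none of them come from the thread.
SAMPLE_RIB = """\
192.0.2.0/24 64500 64496
192.0.2.0/24 64501 64497
192.0.2.0/24 64502 64500 64496
198.51.100.0/24 64500 64498
198.51.100.0/24 64501 64498
203.0.113.0/24 64500 64496
203.0.113.0/24 64501 64499
"""

# Assumed policy table: origins the prefix holder has authorised, for
# example through the kind of letter of authorization the thread mentions.
AUTHORISED = {
    "192.0.2.0/24": {64496, 64497},
    "198.51.100.0/24": {64498},
    "203.0.113.0/24": {64496},
}

def origins_by_prefix(rib_text):
    """Map each prefix to the set of origin ASes observed for it."""
    seen = defaultdict(set)
    for line in rib_text.splitlines():
        fields = line.split()
        # Skip blank lines and paths ending in an AS_SET such as {64496,64497}.
        if len(fields) < 2 or not fields[-1].isdigit():
            continue
        prefix = str(ipaddress.ip_network(fields[0], strict=True))
        seen[prefix].add(int(fields[-1]))  # origin is the rightmost AS
    return dict(seen)

def classify(rib_text, authorised):
    """Return {prefix: (status, observed origins, unexpected origins)}."""
    report = {}
    for prefix, origins in origins_by_prefix(rib_text).items():
        unexpected = origins - authorised.get(prefix, set())
        if unexpected:
            status = "unauthorised-origin"
        elif len(origins) > 1:
            status = "moas-authorised"
        else:
            status = "single-origin"
        report[prefix] = (status, sorted(origins), sorted(unexpected))
    return report

if __name__ == "__main__":
    for prefix, (status, origins, bad) in classify(SAMPLE_RIB, AUTHORISED).items():
        print(f"{prefix:18} {status:20} origins={origins} unexpected={bad}")
```
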