Re: [fw-wiz] dual ISP connections



Yes, that is true. It is not good to split contigous adress space.
I guess I did not explain it well, I apologize for that.

I meant, if you have several non-contigous "/something" you can
announce some of them to one ISP with some pre-pend information and
some others to the other ISPs. But it is just an specific solution for
some very specific situations.

-ef

On 05/07/06, Patrick M. Hausen <hausen@xxxxxxxx> wrote:
Hello!

The outgoing is not so hard with BGP. The incomming traffic is the
interesting thing.

True.

You can pre-pend some AS info to one of your ISPs,
but sometimes the balancing is complete unbalanced. Also you can split
your IP space to try to balance some traffic.

Splitting your IP space into smaller pieces is strongly discouraged.
You are cluttering the default free zone with multiple prefixes
where one would be sufficient and your announcements may even be
filtered and blocked. E.g. in the RIPE area the smallest PA allocation
is a /20. There are ISPs who assume that any longer prefix
out of the RIPE address range is a bogus announcement.

Reasonable upstreams provide community attributes to prepend when
announcing to certain big players. E.g. one of our upstreams:

$ whois -r AS12306
...
remarks: C o m m u n i t y D e f i n i t i o n s
remarks:
remarks: 12306:1000 do not announce at the DE-CIX
remarks: 12306:1011 single prepend when announcing at the DE-CIX
remarks: 12306:1012 double prepend when announcing at the DE-CIX
remarks: 12306:1013 triple prepend when announcing at the DE-CIX
remarks: 12306:1014 quad prepend when announcing at the DE-CIX
remarks:
remarks: 12306:3000 do not announce to DTAG AS3320
remarks: 12306:3011 single prepend when announcing to DTAG AS3320
remarks: 12306:3012 double prepend when announcing to DTAG AS3320
remarks: 12306:3013 triple prepend when announcing to DTAG AS3320
remarks: 12306:3014 quad prepend when announcing to DTAG AS3320
remarks:
remarks: 12306:4000 do not announce at the INXS
remarks: 12306:4011 single prepend when announcing at the INXS
remarks: 12306:4012 double prepend when announcing at the INXS
remarks: 12306:4013 triple prepend when announcing at the INXS
remarks: 12306:4014 quad prepend when announcing at the INXS
remarks:
remarks: 12306:9100 do not announce to CW
remarks: 12306:9111 single prepend when announcing to CW
remarks: 12306:9112 double prepend when announcing to CW
remarks: 12306:9113 triple prepend when announcing to CW
remarks: 12306:9114 quad prepend when announcing to CW
remarks:
remarks: 12306:9200 do not announce to ABOVENET AS6461
remarks: 12306:9211 single prepend when announcing to ABOVENET
remarks: 12306:9212 double prepend when announcing to ABOVENET
remarks: 12306:9213 triple prepend when announcing to ABOVENET
remarks: 12306:9214 quad prepend when announcing to ABOVENET
remarks:
...


Regards,

Patrick M. Hausen
Leiter Netzwerke und Sicherheit
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Vorholzstr. 25 Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe http://punkt.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards