|
Thread Index [isp-bgp] BGP community policies
Would appreciate if someone can shed some light on this issue we are facing.
We have this network scenario.
1. AS1 has all bilateral peering interconnections.
2. AS2 has all transit interconnections.
3. CustomerA is connected to AS1
4. CustomerB & C are connected to AS2
Policy wise we need to configure for the following:
1. CustomerA can utilize all the peering services from AS1 and transit
services from AS2.
2. CustomerB can utilize all transit services from AS2 and select peering
interconnections from AS1.
3. CustomerC can only utilize the transit services form AS2 and none peering
from AS1.
We have tried coloring with communities between the ASes and then utilizing
route-maps to propagate the policies above in the respective customer BGP
sessions. Works fine until the customer then installs a default-route as a
fail-safe mechanism.
Although PeerA and PeerB announcements are filtered to CustC, a default
route in CustC router to the AS2 border router for example will cause some
issues. This is possible especially when the prefix of PeerA learnt via the
peering and transit links will be installed in the AS2 border router
routing
table. Because of the as_path attribute (for example) the packets will be
sent
to AS1 and routed to PeerA. The problem is that as this is a peering
arrangement
and the packets originating from CustC will be dropped due to policy filter
on
PeerA border router.
Now legitimate traffic to PeerA network from CustC will never reach although
there
is a path via the AS2 transit links.
The prefixes of PeerA in the AS2 routing table learnt from both the peering
and
transit BGP session should be installed. But since there is no agreement on
CustC
routes via the peering link, traffic should be be sent via the transit
links.
Gets more interesting if we are trying the implement policy number 2 above.
Is this a case of 'source-routing' then or is there any other technique.
Would appreciate any kind of hint/website/full complete answer.
PeerA TransA TransB
| | /
+---+ +---+
CustA-|AS1|----|AS2|-CustC
+---+ +---+
| |
PeerB CustB
Thanks in advance.
-nick kraal/
------------------------ANNOUNCEMENT---------------------------------
---------------------------------------------------------------------
>> ISP Technology <<
VPN, DNS Security Management, spam, 3G, WLAN Security, P2P, VoIP, PLC,
802.11i, 802.1x and much more!
http://www.wispcon.com/spring2003/attend-sessionlist.asp
The 10th Annual ISPcon, Baltimore Waterfront Marriott
April 23-25
----------------------------------------------------------------------
----------------------------------------------------------------------
<- Previous Message | Next Message -> Thread Index |
|
