[AusNOG] Write up - Big ISP, little ISP, local internet exchanges
edwin at mavetju.org
Fri Sep 5 14:50:38 EST 2008
On Fri, Sep 05, 2008 at 11:24:36AM +0930, Matthew Moyle-Croft wrote:
> What you've described is much of the reasoning as to why most of the
> peering world doesn't like MLPAs - a lack of control and opportunities
> for transit theft.
These opportunities are there only because they mixed the three
clouds: Users, Services and Transit. Split them, at least into a
Users and Services cloud and a Transit cloud and the possibility
for theft is not there anymore because the path isn't there anymore.
> Have you actually used your complex multiple ASes and IP-IP tunnels in
> practice? It sounds fairly unwieldy compared to the various
> filtering and contractual options available.
At the first global intranet I was working with (~20 backbone
locations, ~1200 routers), each access network under the backbone
had its own routing cloud (which was exchanged towards the
backbone routing cloud), with its own default gateway (the backbone
didn't have a default gateway) to an internal firewall/DMZ host
which had tunnels towards the other internal firewall/DMZ hosts to
exchange traffic towards external third parties.
Because of this design, we could easily hang up other customers
under the backbone without the access networks learning about them.
The backbone knew everything, the access networks only knew what
they were supposed to know.
Was the design complicated? Not really. Did it take a change of
mind with regard to how the network works? Yes. Did it make the
network predictable? Absolutely.
It gives you a predictable network, and that is what you need when
you do routing exchange with third parties, to prevent issues on
the Layer 8 and 9 of the OSI model :-)
Edwin Groothuis | Personal website: http://www.mavetju.org
edwin at mavetju.org | Weblog: http://www.mavetju.org/weblog/
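The split-cloud design described in the message above, modelled as an added example (this is not code from the post or from any network mentioned in it). It uses a constructed toy topology: a backbone cloud that learns every access network's prefixes but carries no default route, and per-site access clouds that learn only the shared "services" prefixes from the backbone and point their default at their own firewall/DMZ host. The cloud names, prefixes and the `fw-*` gateway names are all assumptions made for the illustration. The point it shows is the one the message makes: from an access network there is simply no path via the backbone to another access network or to the outside, so the only way out is the policy point it is supposed to use.

```python
from ipaddress import ip_address, ip_network


class RoutingCloud:
    """A routing domain holding a prefix table and an optional default gateway."""

    def __init__(self, name, own_prefixes=(), default_gateway=None):
        self.name = name
        # prefix -> next-hop cloud; own prefixes are delivered locally
        self.table = {ip_network(p): name for p in own_prefixes}
        self.default_gateway = default_gateway

    def learn(self, neighbour, export_filter=lambda prefix: True):
        """Import the neighbour's prefixes that pass the neighbour's export policy."""
        for prefix in neighbour.table:
            if export_filter(prefix):
                self.table.setdefault(prefix, neighbour.name)

    def next_hop(self, destination):
        """Longest-prefix match; fall back to the default gateway, which may be None."""
        addr = ip_address(destination)
        matches = [p for p in self.table if addr in p]
        if matches:
            return self.table[max(matches, key=lambda p: p.prefixlen)]
        return self.default_gateway


def build_topology():
    # Constructed example topology: two access networks, one shared-services
    # cloud, one backbone. None of these addresses or names are from the post.
    services = RoutingCloud("services", ["10.200.0.0/16"])
    syd = RoutingCloud("syd", ["10.1.0.0/16"], default_gateway="fw-syd")
    mel = RoutingCloud("mel", ["10.2.0.0/16"], default_gateway="fw-mel")
    backbone = RoutingCloud("backbone")  # deliberately no default route

    # The backbone knows everything: every cloud exports all of its prefixes to it.
    for cloud in (services, syd, mel):
        backbone.learn(cloud)

    # Access networks learn only what they are supposed to know: the shared
    # services prefixes, never each other's prefixes and never a default.
    allowed = set(services.table)
    for cloud in (syd, mel):
        cloud.learn(backbone, export_filter=lambda p: p in allowed)

    return {"backbone": backbone, "services": services, "syd": syd, "mel": mel}


def path_exists_via_backbone(clouds, source, destination):
    """True only if the source cloud routes the destination towards the backbone."""
    return clouds[source].next_hop(destination) == "backbone"


if __name__ == "__main__":
    net = build_topology()
    # Backbone reaches both access networks directly ...
    print("backbone -> 10.2.5.5 :", net["backbone"].next_hop("10.2.5.5"))
    # ... but an access network only reaches the other one through its own firewall.
    print("syd      -> 10.2.5.5 :", net["syd"].next_hop("10.2.5.5"))
    print("syd      -> 10.200.1.1:", net["syd"].next_hop("10.200.1.1"))
    # No default in the backbone: unknown destinations have no path at all.
    print("backbone -> 192.0.2.1:", net["backbone"].next_hop("192.0.2.1"))
```

Running it prints `mel`, `fw-syd`, `backbone` and `None` respectively. The transit-theft concern from the quoted text disappears in the model for the same reason the message gives: a destination the backbone was not told about has no next hop anywhere except at each site's own firewall, so there is no path for a third party to borrow.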