[AusNOG] steering inbound BGP (Telstra)

Ben ben at meh.net.nz
Mon Feb 17 16:42:51 EST 2014


On Sun, Feb 16, 2014 at 08:55:33PM -0800, Matthew Moyle-Croft wrote:
> 
> On 16 Feb 2014, at 8:48 pm, Ben <ben at meh.net.nz> wrote:
> 
> ...
> 
> >>> 
> >> 
> >> "Fallback routes"?
> > 
> > Err, advertising with less prepending for the same subnet. 
> 
> This is about more specifics.
> 
> > 
> >> More specifics are a common tool used to TE traffic.  The issue is if your /24s aren't globally advertised.  
> > 
> > Ok, so say Telstra advertise routes at Equninx Los Angeles, and the other provider doesn't advertise at Equninix Los Angeles, then
> > people close to that are going to often have local preference set to send via peering exchange.  But say they have a low end router
> > for peering, and theey decide to strip /24s, or default route+peering routes.  (the same can apply for domestic traffic, but it's
> > more significant and more obvious for international)
> 
> If they're stripping /24s and/or have default then they're going to be getting to the interwebz via a transit provider who WILL have full routes because they're clearly not big enough to have routers that cope with being in the DFZ.

Not necessarily.  I've been doing some lookups, and struggling to find examples of places that Vocus and NTT aren't at, but Telstra are, or
common local preference for provider type isuses.  I figure an example of where it's not working international would work best.

 
> > 
> > If you advertise a /23 to Telstra, and /23 and two /24s to your other provider, then when Telstra receive this traffic what are they
> > meant to do with it?  Is that clearer?
> They'll follow the /24s toward where you're advertising them.  Not ideal, but Telstra have decided to not offer fairly standard tools (BGP communities) so my empathy for them is as close to zero as you can get.

Say you have a 100 megabit pipe with Telstra, and a gigabit pipe with Vocus, and you were getting 200 megabit/sec for a file coming internationally from a Telstra
peer in say London by advertising a /23 to Telstra, and two /24s to Vocus -- yeah wishful thinking, but say Vocus shut down their linx peer -- right now LINX is showing
for his subnet as:

https://stats.linx.net/cgi-pub/xlg.pl?run=true&site=LINX-London&query_type=+BGP&address=202.128.102.1&Submit=Submit 


So it's only Vocus and Telstra at least, with lots of prepends to Telstra.  So Telstra are carrying the traffic.. now along the way should they pass it off to Vocus, or should they
just keep carrying it?  Right thinking generally dictates that traffic should stay within Telstra to the end destination, otherwise some infarious party could steal the traffic, and
some parties block receiving routes that they're advertising -- but that isn't necessarily goign to hold over for more specific routes.  Say they do pass it on Vocus, then you'll
 bypass the rate limit of the link.  If they don't, then you don't fix the initial issue.

And unless all providers are at all the same internet exchanges and with the same peering agreements this will happen to some degree.

>From what he said it sounded like he wasn't trying to gently shift traffic, but rather to move all traffic off of the secondary link.  
 
> > 
> > 
> >> The main issue is - if your other provider(s) don't have good domestic Australian connectivity, but again, I kind of assume anyone doing this has some clue and/or deserves some failure based learning.
> > 
> > Maybe I don't understand the problem completely.  From my understanding the idea was to get rid of all traffic off the fallback link, unless there's an actual outage, whilst still
> > advertising BGP routes.  That in itself is not acheivable from what I can tell.  And by advertising more specficially I can't see any advantage to just prepending normally.  If telstra
> > do accept the /24 over the /23, and send to the customer regardless, and still advertise out the /23 then there is a chance for misdirected traffic either going to the customer via
> > their alternative provider, or still going through their normal link.
> 
> Again, prepending is irrelevant.  /24s will always win as they are more specific.  If you're not clear on that I'd do some reading up on routing.

Yeh sure so the /24 wins.  But that's not the issue - the issue that once traffic has come in Telstra's netowrk, they really should send it through to him.  And if it does go via Vocus
(which there is some chance of) then that means that Telstra are carrying traffic that may be over the capacity of their link.

You can't expect providers to have global rate limits over their whole network at every location, so usually individual links are charged for.  So it basically bypasses charging.


It'd be even more significant if he wanted to prefer Telstra over Vocus, and much easier to come up with examples that actually would be problematic - 

Vocus advertise his subnet in New Zealand over APE, in Auckland, so easy straight peering - and I know for a fact that there are providers in New Zealand that have APE routes and
domestic but don't have full international tables - they will send traffic over APE to him, if any routes exist via APE/Vocus.  I don't know for sure what they'd do if you advertised
a /24 via Telstra and a /23 via Vocus.

Ben


More information about the AusNOG mailing list