Discussion:
peering between ASes
(too old to reply)
Kai Chen
2008-05-16 15:09:50 UTC
Permalink
Hi, here is a quick question.
1. Beside public peering in IXP and private peering between two dedicated
ASes, are there any other interconnection models in the current Internet?
2. How does private peering implement, just a router from each AS and a link
inbetween? Do they have multi-access in one peering location? I mean one
router from an AS peer with two/more routers from another AS?

Cheers,
Joel Jaeggli
2008-05-16 15:31:16 UTC
Permalink
Post by Kai Chen
Hi, here is a quick question.
1. Beside public peering in IXP and private peering between two dedicated
ASes, are there any other interconnection models in the current Internet?
There is the model where all partcipants peer through agency of 3rd
party. That tends to be looked on as an extremely bad idea, but some
regulatory environments encourage or enforce that sort of behavior
particularly around the monopoly PTT.
Post by Kai Chen
2. How does private peering implement, just a router from each AS and a link
inbetween? Do they have multi-access in one peering location? I mean one
router from an AS peer with two/more routers from another AS?
you'll find that the details vary between entities. some bi-lateral
relationships are going to require peering in more than one location,
require a minimum ammount of redundancy etc. depends on how business
critical the relationship is, how much traffic is being exchanged, the
sized of the networks involved etc.
Post by Kai Chen
Cheers,
_______________________________________________
NANOG mailing list
http://mailman.nanog.org/mailman/listinfo/nanog
Kai Chen
2008-05-16 15:52:47 UTC
Permalink
Post by Kai Chen
Hi, here is a quick question.
1. Beside public peering in IXP and private peering between two dedicated
ASes, are there any other interconnection models in the current Internet?
There is the model where all partcipants peer through agency of 3rd party.
That tends to be looked on as an extremely bad idea, but some regulatory
environments encourage or enforce that sort of behavior particularly around
the monopoly PTT.
I don't know if the 3rd party you mentioned is the IXP?
2. How does private peering implement, just a router from each AS and a
Post by Kai Chen
link
inbetween? Do they have multi-access in one peering location? I mean one
router from an AS peer with two/more routers from another AS?
you'll find that the details vary between entities. some bi-lateral
relationships are going to require peering in more than one location,
require a minimum ammount of redundancy etc. depends on how business
critical the relationship is, how much traffic is being exchanged, the sized
of the networks involved etc.
Sure, two ASs may peer with each other at multiple locations, I do want to
know in each of these peering location, if there exist multi-access between
these two ASes.
Cheers,
Post by Kai Chen
_______________________________________________
NANOG mailing list
http://mailman.nanog.org/mailman/listinfo/nanog
Nathan Ward
2008-05-17 03:07:20 UTC
Permalink
Post by Kai Chen
Sure, two ASs may peer with each other at multiple locations, I do want to
know in each of these peering location, if there exist multi-access between
these two ASes.
If you're looking for some rules about how this must work, you won't
find them - all these things are optional and dynamic.

Multiple accesses between two ASes at a single physical location is
possible, yes. It's probably a good idea in most cases - whether it
happens or not is usually a matter of whether the cost (both capital
and opex) is worth it, I imagine.

RE. your original question (2) - yes a single router in each AS and a
link between them is the simplest. Add more routers and more links as
required to meet capacity and resiliency requirements, where cost
permits.

--
Nathan Ward
Matthew Moyle-Croft
2008-05-17 05:05:17 UTC
Permalink
Post by Kai Chen
There is the model where all partcipants peer through agency of 3rd party.
That tends to be looked on as an extremely bad idea, but some regulatory
environments encourage or enforce that sort of behavior particularly around
the monopoly PTT.
I don't know if the 3rd party you mentioned is the IXP?
Some IXPs have MLPA (MultiLateral Peering Agreements) where some or all
of the participants agree to connect to a route server (usually with
it's own AS) and exchange routes this way.

It's reasonably common around AsiaPac - all the peering fabrics in
Australia are MLPA for example, but I can think of optional examples in
the USA (eg. Any2) that have it as an option or places like HKIX which
have an MPLA which is mandatory for Hong Kong prefixes.

This doesn't stop you doing bilateral as well across the same fabrics.

MLPA works well in certain environments, especially where the major IP
transit providers in a country won't peer, but rivalries tend to mean
that a neutral (or fairly neutral) 3rd party can provide the routing
part (this is pretty much what happened in Australia). It's
convienient for content providers - they can "hook up" to one route
server and often pickup half of the people on the exchange without
having to spend ages negotiating with small networks who often don't
have the technical know how or don't have the BGP experience, or indeed
the smaller networks themselves as they can connect to an exchange and
at least guarantee enough data to justify doing so.

It gets more complex as some networks then become bigger and become
transit providers and don't like customers sending routes to them via a
peering fabric etc. Which is why, with a much more diverse range of
networks and no one player dominating people the transit game (eg. in
the USA, Western Europe) that MLPA isn't common.

Some MLPAs give you some control over routing (eg. don't send my
prefixes to ASxxxx), but a lot don't.

Regards,
Matthew
Nathan Ward
2008-05-17 05:18:29 UTC
Permalink
Post by Matthew Moyle-Croft
Some MLPAs give you some control over routing (eg. don't send my
prefixes to ASxxxx), but a lot don't.
If you really need to, you can get a similar effect by using ASPATH
poisoning; just prepend your AS paths with the ASes you don't want
those prefixes hitting.

Similar, not identical, so may not work for you how you want.

Googling around finds some explanation of it here:
http://ispcolumn.isoc.org/2005-08/as1.html

Nothing really about how it works in a MLPA IXP though.

--
Nathan Ward
Matthew Moyle-Croft
2008-05-17 05:30:16 UTC
Permalink
Post by Nathan Ward
If you really need to, you can get a similar effect by using ASPATH
poisoning; just prepend your AS paths with the ASes you don't want
those prefixes hitting.
..
Nothing really about how it works in a MLPA IXP though.
It'd work, but it's a pretty evil thing to do and it's a fairly easy to
get around surely (neighbor 1.1.1.1 allowas-in on IOS).

MMC
Nathan Ward
2008-05-17 05:36:20 UTC
Permalink
Post by Matthew Moyle-Croft
Post by Nathan Ward
If you really need to, you can get a similar effect by using
ASPATH poisoning; just prepend your AS paths with the ASes you
don't want those prefixes hitting.
..
Nothing really about how it works in a MLPA IXP though.
It'd work, but it's a pretty evil thing to do and it's a fairly easy
to get around surely (neighbor 1.1.1.1 allowas-in on IOS).
"If you really need to". Geoff's thing also says "controversial".

If the foreign AS really wants to send you routes that way, they can
do it regardless of how you stop your advertisements being accepted by/
reaching them. We're hardly talking high security here.

ip route <prefix> <netmask> 1.1.1.1 works a treat.

--
Nathan Ward
Matthew Moyle-Croft
2008-05-17 05:53:02 UTC
Permalink
Post by Nathan Ward
If the foreign AS really wants to send you routes that way, they can
do it regardless of how you stop your advertisements being accepted by/
reaching them. We're hardly talking high security here.
ip route <prefix> <netmask> 1.1.1.1 works a treat.
I'm not quite sure of your point Nathan. That'd stop connectivity
which isn't usually the point - especially if the issue is point (2) below.

MLPAs are disliked for two main reasons that I've been able to discern.

(1) Lack of control

Because of the lack of direct relationships with the other networks you
can get some fairly odd routing behaviours which gives suboptimal
performance when you meet at multiple MLPAs in a theatre - leading to
difficulty in doing traffic engineering. From traffic flows, to
wierdness caused by people advertising prefixes inconsistently to
transit and peering and blaming IOS bugs for it <sigh>.

(2) Transit customers using an MLPA to "not pay" for traffic to your
network

A fair point - but, if they weren't a customer then you might be paying
to get their traffic or they would be sending it that way anyway.

MMC
Nathan Ward
2008-05-17 08:13:12 UTC
Permalink
Post by Matthew Moyle-Croft
Post by Nathan Ward
If the foreign AS really wants to send you routes that way, they
can do it regardless of how you stop your advertisements being
accepted by/ reaching them. We're hardly talking high security here.
ip route <prefix> <netmask> 1.1.1.1 works a treat.
I'm not quite sure of your point Nathan. That'd stop connectivity
which isn't usually the point - especially if the issue is point (2) below.
If a foreign AS wants to work around things put in place by you/others
so they don't get your prefixes (be it ASPATH poisoning, route
filtering by the MLPA route-server operator, etc.) they can do so
easily by putting a static route in to their equipment.

My point is that none of these techniques are bulletproof.

I think I meant to say "packets" where I said "routes" where you
quoted me above, also, that ip route blah was something that the
foreign AS would stuff in to their router. I hope that's a bit more
clear.
Post by Matthew Moyle-Croft
MLPAs are disliked for two main reasons that I've been able to
discern.
I'm not debating for/against MLPAs, that doesn't really go anywhere
productive. I'm giving info that some people might find useful if
they've got a network condition they need to work around with a dirty
hack.

--
Nathan Ward

Loading...