Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > BGP filtering PA and PI blocks

Reply
Thread Tools

BGP filtering PA and PI blocks

 
 
Glen Watson
Guest
Posts: n/a
 
      06-12-2006
Allot of documenation i have read suggest PA blocks are less likley to be
filtered out of BGP announcements that PI blocks.

Out of curiousity how does a filter differenciate between a PA and PI block,
i would have thought an address block can only be differentiated by its
prefix length alone ?


 
Reply With Quote
 
 
 
 
Arnold Nipper
Guest
Posts: n/a
 
      06-12-2006
On 12.06.2006 15:45 Glen Watson wrote

> Allot of documenation i have read suggest PA blocks are less likley to be
> filtered out of BGP announcements that PI blocks.
>
> Out of curiousity how does a filter differenciate between a PA and PI block,
> i would have thought an address block can only be differentiated by its
> prefix length alone ?
>
>


Have for example a look at

inetnum: 195.50.106.0 - 195.50.106.255
netname: YAHOONET
descr: YAHOONET
country: GB
admin-c: KW3969-RIPE
tech-c: LTHM
status: ASSIGNED PA
remarks: all abuse reports to http://www.velocityreviews.com/forums/(E-Mail Removed)
mnt-by: LEVEL3-MNT
mnt-lower: LEVEL3-MNT
mnt-routes: YAHOO-MNT
source: RIPE # Filtered


The status field gives you information about PA or PI


Arnold
--
Arnold Nipper, AN45
 
Reply With Quote
 
 
 
 
Glen Watson
Guest
Posts: n/a
 
      06-13-2006
Thanks.

So do isp's actually compile a list PA an PI space using whois and put this
information into thier BGP route filters ? Seems it would be a very tedious
way of filtering PI announcements.

"Arnold Nipper" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On 12.06.2006 15:45 Glen Watson wrote
>
> > Allot of documenation i have read suggest PA blocks are less likley to

be
> > filtered out of BGP announcements that PI blocks.
> >
> > Out of curiousity how does a filter differenciate between a PA and PI

block,
> > i would have thought an address block can only be differentiated by its
> > prefix length alone ?
> >
> >

>
> Have for example a look at
>
> inetnum: 195.50.106.0 - 195.50.106.255
> netname: YAHOONET
> descr: YAHOONET
> country: GB
> admin-c: KW3969-RIPE
> tech-c: LTHM
> status: ASSIGNED PA
> remarks: all abuse reports to (E-Mail Removed)
> mnt-by: LEVEL3-MNT
> mnt-lower: LEVEL3-MNT
> mnt-routes: YAHOO-MNT
> source: RIPE # Filtered
>
>
> The status field gives you information about PA or PI
>
>
> Arnold
> --
> Arnold Nipper, AN45



 
Reply With Quote
 
chris
Guest
Posts: n/a
 
      06-13-2006

"Glen Watson" <(E-Mail Removed)21.com> wrote in message
news:448eba9b$0$22089$(E-Mail Removed)...
> Thanks.
>
> So do isp's actually compile a list PA an PI space using whois and put
> this
> information into thier BGP route filters ? Seems it would be a very
> tedious
> way of filtering PI announcements.


No, that would be tedious and unmanageable. ISP usually filter on prefix
size and filter out long prefixes (say /24 and up) as ISP's usually
advertise /16, /17 etc.. That's one way of doing it anyway.

PI space would tend to have a longer prefix and so would be more likely to
be filtered by tier 1 (or maybe even tier 2) ISP's.

Chris.


 
Reply With Quote
 
Arnold Nipper
Guest
Posts: n/a
 
      06-13-2006
On 14.06.2006 00:03 chris wrote

> "Glen Watson" <(E-Mail Removed)21.com> wrote in message
> news:448eba9b$0$22089$(E-Mail Removed)...
>> Thanks.
>>
>> So do isp's actually compile a list PA an PI space using whois and put
>> this
>> information into thier BGP route filters ? Seems it would be a very
>> tedious
>> way of filtering PI announcements.

>
> No, that would be tedious and unmanageable. ISP usually filter on prefix
> size and filter out long prefixes (say /24 and up) as ISP's usually
> advertise /16, /17 etc.. That's one way of doing it anyway.
>
> PI space would tend to have a longer prefix and so would be more likely to
> be filtered by tier 1 (or maybe even tier 2) ISP's.
>


To be more precise they actually might use something like
ftp://ftp.ripe.net/ripe/docs/ripe-380.txt which is also available for
the other registries (ARIN, AfriNIC, LACNIC and APNIC)


--
Arnold Nipper, AN45
 
Reply With Quote
 
Grog
Guest
Posts: n/a
 
      06-18-2006
On Tue, 13 Jun 2006 23:03:29 +0100, "chris"
<(E-Mail Removed)> wrote:

>
>"Glen Watson" <(E-Mail Removed)21.com> wrote in message
>news:448eba9b$0$22089$(E-Mail Removed)...
>> Thanks.
>>
>> So do isp's actually compile a list PA an PI space using whois and put
>> this
>> information into thier BGP route filters ? Seems it would be a very
>> tedious
>> way of filtering PI announcements.

>
>No, that would be tedious and unmanageable. ISP usually filter on prefix
>size and filter out long prefixes (say /24 and up) as ISP's usually
>advertise /16, /17 etc.. That's one way of doing it anyway.
>
>PI space would tend to have a longer prefix and so would be more likely to
>be filtered by tier 1 (or maybe even tier 2) ISP's.
>
>Chris.
>



The general guideline between tier 1s is to filter at the /24 and
shorter level. (/23, /22, etc..)

Longer prefixes between peers will usually be dependent larger
aggregate blocks to pass between peers. Since PI space is doled out
at /24 and larger, it usually doesn't encounter filtering based on
mask length. I believe there are a couple filtering at /21 level
still. (not 100% on that)

Glen, the nsp's don't really care if it is PA or PI space and don't
compile lists like that.

Grog
late, I know...





 
Reply With Quote
 
Glen Watson
Guest
Posts: n/a
 
      06-19-2006
Thanks.

So if i had my own addresses that couldn't be agregated, say of prefix
length /23 i could well be stuffed due to the filtering that could occur
between tier 1's

I say this as we qualify for our own /23 small pa space with RIPE. If we
chose to go down that route and announce our routes with bgp via 2 upstream
isp's through multihoming we could get filtered.

It sounds like we may be better getting address space allocated out of one
isp's aggregatable block and announce this over both isp's so that way at
least we could rely on the shorter prefix aggregates getting announced
everywhere.

Have i understood correctly ?


"Grog" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Tue, 13 Jun 2006 23:03:29 +0100, "chris"
> <(E-Mail Removed)> wrote:
>
> >
> >"Glen Watson" <(E-Mail Removed)21.com> wrote in message
> >news:448eba9b$0$22089$(E-Mail Removed)...
> >> Thanks.
> >>
> >> So do isp's actually compile a list PA an PI space using whois and put
> >> this
> >> information into thier BGP route filters ? Seems it would be a very
> >> tedious
> >> way of filtering PI announcements.

> >
> >No, that would be tedious and unmanageable. ISP usually filter on prefix
> >size and filter out long prefixes (say /24 and up) as ISP's usually
> >advertise /16, /17 etc.. That's one way of doing it anyway.
> >
> >PI space would tend to have a longer prefix and so would be more likely

to
> >be filtered by tier 1 (or maybe even tier 2) ISP's.
> >
> >Chris.
> >

>
>
> The general guideline between tier 1s is to filter at the /24 and
> shorter level. (/23, /22, etc..)
>
> Longer prefixes between peers will usually be dependent larger
> aggregate blocks to pass between peers. Since PI space is doled out
> at /24 and larger, it usually doesn't encounter filtering based on
> mask length. I believe there are a couple filtering at /21 level
> still. (not 100% on that)
>
> Glen, the nsp's don't really care if it is PA or PI space and don't
> compile lists like that.
>
> Grog
> late, I know...
>
>
>
>
>



 
Reply With Quote
 
Grog
Guest
Posts: n/a
 
      06-19-2006
On Mon, 19 Jun 2006 18:49:23 +0100, "Glen Watson"
<(E-Mail Removed)21.com> wrote:

>Thanks.
>
>So if i had my own addresses that couldn't be agregated, say of prefix
>length /23 i could well be stuffed due to the filtering that could occur
>between tier 1's
>
>I say this as we qualify for our own /23 small pa space with RIPE. If we
>chose to go down that route and announce our routes with bgp via 2 upstream
>isp's through multihoming we could get filtered.
>
>It sounds like we may be better getting address space allocated out of one
>isp's aggregatable block and announce this over both isp's so that way at
>least we could rely on the shorter prefix aggregates getting announced
>everywhere.
>
>Have i understood correctly ?
>



With a /23 you should be fine since /23 > /24. With your PI /23
and 2 upstreams, you should have no problems announcing your route
globally. I personally think it is better to get PI space than PA if
you qualify for it. If you change upstreams later on and have PA
space, think of the nasty renumbering job you have in front of you.


When it comes to address space, think in terms of 32 bit addresses, so
it helps to be able to think in binary (well, kinda).

larger (more total ip addresses) netblocks have shorter netmasks.
smaller netblocks have longer netmasks.

Now, that should be clear as mud..


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
To BGP or not to BGP (multihoming with ISPs over uneven links speed)?!? papi Cisco 4 09-08-2009 02:45 AM
BGP multihoming and PA blocks Glen Watson Cisco 2 07-24-2009 10:49 PM
Difference between "bgp dampening" and "bgp bestpath dampening" harald rüger Cisco 0 10-25-2004 04:07 PM
procs/blocks - blocks with procs, blocks with blocks? matt Ruby 1 08-06-2004 01:33 AM



Advertisments