BGP, AS, IP range questions

Discussion in 'Cisco' started by essenz, Jun 20, 2007.

  1. essenz

    essenz Guest

    There are a few things rattling in my head that I have never truly
    understood, I am hoping this list might be able to help.

    A multi-homed AS consists of an AS number registration (from ARIN), a
    routing policy (i.e. BGP4), and an IP range assingment (from ARIN).

    The AS is registered with your name, address, etc.,.

    The IP assignment is registered to an OrgID, with POCs, etc.,.

    However, there is nothing that explicitly associates a given IP block
    with an ASN. Most of the time, the AS is run by the same people who
    have that IP assignment, aka ISPs, and so on. But it is possible, and
    occurs every day, where an end-user runs their own AS, and is
    advertising an IP range that is not assigned to them, rather it is
    assigned to one of their upstream providers.

    To really find out which AS is advertising a given IP range, you have
    to query a variety of live BGP and route server resources, and there
    are plenty of them out on the internet.

    Here's my question. Lets say Joe Schmoe registers an AS. He connects
    it to the internet via some provider using BGP.

    Two scenarios:

    1. Joe "steals" an IP range from somebody else, that is currently not
    being advertised anywhere by any AS - and starts advertising it from
    his newly formed AS.

    2. Joe "steals" an IP range from somebody else, that IS currently
    being used and advertised by another AS, but Joe advertises it anyway
    from his AS,

    For those two cases, what happens? What prevents it? What is the
    fallout from #2 to the real owner of that IP assignment? Does this
    ever occur, or is it so rare its not an issue.

    These questions came about because I am in the process of migrating a
    datacenter. We are setting up a new AS in the new datacenter, it wont
    advertise any IPs right now. But the night we cutover, it will start
    advertising the IPs that previously have been running on our original
    AS - after we shutdown the original AS/router.

    Thanks
    John
    essenz, Jun 20, 2007
    #1
    1. Advertising

  2. essenz

    Chris Guest

    On Wed, 20 Jun 2007 14:44:07 -0700, essenz wrote:

    > There are a few things rattling in my head that I have never truly
    > understood, I am hoping this list might be able to help.
    >
    > A multi-homed AS consists of an AS number registration (from ARIN), a
    > routing policy (i.e. BGP4), and an IP range assingment (from ARIN).
    >
    > The AS is registered with your name, address, etc.,.
    >
    > The IP assignment is registered to an OrgID, with POCs, etc.,.
    >
    > However, there is nothing that explicitly associates a given IP block
    > with an ASN. Most of the time, the AS is run by the same people who
    > have that IP assignment, aka ISPs, and so on. But it is possible, and
    > occurs every day, where an end-user runs their own AS, and is
    > advertising an IP range that is not assigned to them, rather it is
    > assigned to one of their upstream providers.
    >
    > To really find out which AS is advertising a given IP range, you have
    > to query a variety of live BGP and route server resources, and there
    > are plenty of them out on the internet.
    >
    > Here's my question. Lets say Joe Schmoe registers an AS. He connects
    > it to the internet via some provider using BGP.
    >
    > Two scenarios:
    >
    > 1. Joe "steals" an IP range from somebody else, that is currently not
    > being advertised anywhere by any AS - and starts advertising it from
    > his newly formed AS.
    >
    > 2. Joe "steals" an IP range from somebody else, that IS currently
    > being used and advertised by another AS, but Joe advertises it anyway
    > from his AS,
    >
    > For those two cases, what happens? What prevents it? What is the
    > fallout from #2 to the real owner of that IP assignment? Does this
    > ever occur, or is it so rare its not an issue.
    >
    > These questions came about because I am in the process of migrating a
    > datacenter. We are setting up a new AS in the new datacenter, it wont
    > advertise any IPs right now. But the night we cutover, it will start
    > advertising the IPs that previously have been running on our original
    > AS - after we shutdown the original AS/router.
    >
    > Thanks
    > John


    BGP routing policies are documented on routing registries (eg RIPE, ARIN
    etc.) and ISP's usually filter advertisments based on that routing
    information. I work with RIPE and when we get a new PA assignment we have
    to register a route-object that ties in the IP block to the ASN. Other
    networks can then base filters on this info in the database.


    For example,

    route: 213.249.128.0/18
    descr: KINGSTON-NET001
    origin: AS12390
    mnt-by: KINGSTON-MNT
    source: RIPE # Filtered


    This ties the /18 netblock to AS12390. Basically it's down to networks
    running BGP keeping upto date filters and ensuring that BGP advertisments
    from customers are subject to prefix-list and AS path filters to ensure
    that bogus routes don't make it out.

    Chris.
    Chris, Jun 20, 2007
    #2
    1. Advertising

  3. essenz

    essenz Guest

    On Jun 20, 6:10 pm, Chris <> wrote:
    >
    > BGP routing policies are documented on routing registries (eg RIPE, ARIN
    > etc.) and ISP's usually filter advertisments based on that routing
    > information. I work with RIPE and when we get a new PA assignment we have
    > to register a route-object that ties in the IP block to the ASN. Other
    > networks can then base filters on this info in the database.
    >
    > For example,
    >
    > route: 213.249.128.0/18
    > descr: KINGSTON-NET001
    > origin: AS12390
    > mnt-by: KINGSTON-MNT
    > source: RIPE # Filtered
    >
    > This ties the /18 netblock to AS12390. Basically it's down to networks
    > running BGP keeping upto date filters and ensuring that BGP advertisments
    > from customers are subject to prefix-list and AS path filters to ensure
    > that bogus routes don't make it out.
    >
    > Chris.


    See thats where I am confused. I didn't think ARIN maintained a
    database of which IP assignments belong to which ASN. If that database
    exists, how does one make changes to it.

    I do remember when I got my first IP allocation, and the template does
    ask for the origin AS. But I was never sure how that info is used on
    the backend.

    Back to migration situation. Currently I am running AS 17185. We are
    setting up a new AS in the new datacenter, not assigned yet, but for
    arguments sake, lets call it AS 17195. My plan was to bring up AS
    17195. Let it run for a few days, then on the night of migration
    simply turn-off AS 17185, and start advertising those IP on the new AS
    17195. Will this work? Or do I have to notify ARIN, and worry about
    updating a database somewhere.

    -John
    essenz, Jun 21, 2007
    #3
  4. "essenz" <> ha scritto nel messaggio
    news:...
    > There are a few things rattling in my head that I have never truly
    > understood, I am hoping this list might be able to help.
    >
    > Two scenarios:
    >
    > 1. Joe "steals" an IP range from somebody else, that is currently not
    > being advertised anywhere by any AS - and starts advertising it from
    > his newly formed AS.
    >
    > 2. Joe "steals" an IP range from somebody else, that IS currently
    > being used and advertised by another AS, but Joe advertises it anyway
    > from his AS,
    >
    > For those two cases, what happens? What prevents it? What is the
    > fallout from #2 to the real owner of that IP assignment? Does this
    > ever occur, or is it so rare its not an issue.
    >
    > Thanks
    > John


    Hi,

    More often than not whole reserved, not allocated or even "stolen/hijacked"
    prefixes are advertised by some ASes around the world... ( prevalently in
    Asia )
    Even whole ASes are hijacked.

    Sometimes this is done by error... but more often than not it is done to do
    harm to someone.

    Both you and your AS peers should filter the advertisements received/sent.


    Regards,
    Gabriele
    Gabriele Beltrame, Jun 21, 2007
    #4
  5. essenz

    Chris Guest

    On Wed, 20 Jun 2007 20:31:38 -0700, essenz wrote:

    > On Jun 20, 6:10 pm, Chris <> wrote:
    >>
    >> BGP routing policies are documented on routing registries (eg RIPE, ARIN
    >> etc.) and ISP's usually filter advertisments based on that routing
    >> information. I work with RIPE and when we get a new PA assignment we have
    >> to register a route-object that ties in the IP block to the ASN. Other
    >> networks can then base filters on this info in the database.
    >>
    >> For example,
    >>
    >> route: 213.249.128.0/18
    >> descr: KINGSTON-NET001
    >> origin: AS12390
    >> mnt-by: KINGSTON-MNT
    >> source: RIPE # Filtered
    >>
    >> This ties the /18 netblock to AS12390. Basically it's down to networks
    >> running BGP keeping upto date filters and ensuring that BGP advertisments
    >> from customers are subject to prefix-list and AS path filters to ensure
    >> that bogus routes don't make it out.
    >>
    >> Chris.

    >
    > See thats where I am confused. I didn't think ARIN maintained a
    > database of which IP assignments belong to which ASN. If that database
    > exists, how does one make changes to it.
    >
    > I do remember when I got my first IP allocation, and the template does
    > ask for the origin AS. But I was never sure how that info is used on
    > the backend.
    >
    > Back to migration situation. Currently I am running AS 17185. We are
    > setting up a new AS in the new datacenter, not assigned yet, but for
    > arguments sake, lets call it AS 17195. My plan was to bring up AS
    > 17195. Let it run for a few days, then on the night of migration
    > simply turn-off AS 17185, and start advertising those IP on the new AS
    > 17195. Will this work? Or do I have to notify ARIN, and worry about
    > updating a database somewhere.
    >
    > -John


    Hi John,

    I've never worked with ARIN, just RIPE so I don't know anything about their
    procedures. You may be better off speaking to your upstream providers as
    they will most likely filter your advertisments based on either manaual
    filters or some database. If they do it automatically then they should be
    able to point you to the correct database where you can define the origin.
    If it's manaual then just let them know what AS will be advertising what
    prefixes and then they can arrange to update the filters. This is how we
    work with our customers. They tell us what prefixes they are advertising
    from their AS and we update the filters accordingly.

    Good luck,

    Chris.
    Chris, Jun 21, 2007
    #5
  6. essenz

    JF Mezei Guest

    essenz wrote:
    > Back to migration situation. Currently I am running AS 17185. We are
    > setting up a new AS in the new datacenter, not assigned yet,


    Is there a reason to ask for a new ASN ?

    Consider a company switching from Sprint/NAC to AT&T/Cogent. They don't
    need a new AS. Once they connect to the new transit providers, the BGP
    announcements flow through the new providers, and the world then knows
    that to reach those IPs, you send to those providers.

    Here is a real world example that happened a couple years ago:

    ISP-1 is shutdown, but their contract with Cogent still had 3 months to
    go. Their AS was still advertising their IP ranges via that Cogent link,
    and their one remaining router was redirecting traffic via the local
    exchange to ISP-2 that had agreed to harbour the stranded customers.

    For unkown reasons, ISP2 didn't get ISP1's onwer to stop broadcasting
    those IPs so that they could start broadcasting them. The day the cogent
    link went down, traffic to ISP-1's IP range stopped being deliverable.

    Later that day, ISP3 started to advertise those IPs and got its router
    to redirect to ISP2.

    The next day, ISP2 woke up and got ISP3 to stop advertising those IPs
    and it started to advertise them itself routing packets directly to
    their routers. This was about 3 years ago.


    whois 66.11.173.60 --> points to ISP1

    whois/server=whois.cymru.com 66.11.173.60 ---> points to ISP2


    Consider a company with 2 separate IP blocks and 4 network providers.
    It advertises the first IP block via ISP1 and ISP2, and advertises
    second IP block via ISP3 and ISP4 on a different router.

    So, before the move, AS17185 advertises 12.34.0.0/24 via Sprint and NAC.

    during the move, AS17185 advertises
    12.13.0.0/24 via Sprint and NAC AND
    56.78.0.0/24 via AT&T and Cogent

    after the move: AS17185 advertises:
    56.78.0.0/24 via AT&T and Cogent
    JF Mezei, Jun 22, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. harald rüger
    Replies:
    0
    Views:
    515
    harald rüger
    Oct 25, 2004
  2. papi
    Replies:
    4
    Views:
    2,200
    theapplebee
    Sep 8, 2009
  3. Charles Schuler

    Dynamic range questions

    Charles Schuler, Jan 8, 2004, in forum: Digital Photography
    Replies:
    25
    Views:
    822
    Bart van der Wolf
    Jan 10, 2004
  4. Robert Feinman

    Scene range vs dynamic range

    Robert Feinman, Jun 30, 2005, in forum: Digital Photography
    Replies:
    2
    Views:
    665
    Marvin
    Jul 4, 2005
  5. Patrick Michael

    Re: Questions....questions....questions

    Patrick Michael, Jun 16, 2004, in forum: A+ Certification
    Replies:
    0
    Views:
    798
    Patrick Michael
    Jun 16, 2004
Loading...

Share This Page