BGP filtering PA and PI blocks

Discussion in 'Cisco' started by Glen Watson, Jun 12, 2006.

  1. Glen Watson

    Glen Watson Guest

    Allot of documenation i have read suggest PA blocks are less likley to be
    filtered out of BGP announcements that PI blocks.

    Out of curiousity how does a filter differenciate between a PA and PI block,
    i would have thought an address block can only be differentiated by its
    prefix length alone ?
     
    Glen Watson, Jun 12, 2006
    #1
    1. Advertising

  2. On 12.06.2006 15:45 Glen Watson wrote

    > Allot of documenation i have read suggest PA blocks are less likley to be
    > filtered out of BGP announcements that PI blocks.
    >
    > Out of curiousity how does a filter differenciate between a PA and PI block,
    > i would have thought an address block can only be differentiated by its
    > prefix length alone ?
    >
    >


    Have for example a look at

    inetnum: 195.50.106.0 - 195.50.106.255
    netname: YAHOONET
    descr: YAHOONET
    country: GB
    admin-c: KW3969-RIPE
    tech-c: LTHM
    status: ASSIGNED PA
    remarks: all abuse reports to
    mnt-by: LEVEL3-MNT
    mnt-lower: LEVEL3-MNT
    mnt-routes: YAHOO-MNT
    source: RIPE # Filtered


    The status field gives you information about PA or PI


    Arnold
    --
    Arnold Nipper, AN45
     
    Arnold Nipper, Jun 13, 2006
    #2
    1. Advertising

  3. Glen Watson

    Glen Watson Guest

    Thanks.

    So do isp's actually compile a list PA an PI space using whois and put this
    information into thier BGP route filters ? Seems it would be a very tedious
    way of filtering PI announcements.

    "Arnold Nipper" <> wrote in message
    news:...
    > On 12.06.2006 15:45 Glen Watson wrote
    >
    > > Allot of documenation i have read suggest PA blocks are less likley to

    be
    > > filtered out of BGP announcements that PI blocks.
    > >
    > > Out of curiousity how does a filter differenciate between a PA and PI

    block,
    > > i would have thought an address block can only be differentiated by its
    > > prefix length alone ?
    > >
    > >

    >
    > Have for example a look at
    >
    > inetnum: 195.50.106.0 - 195.50.106.255
    > netname: YAHOONET
    > descr: YAHOONET
    > country: GB
    > admin-c: KW3969-RIPE
    > tech-c: LTHM
    > status: ASSIGNED PA
    > remarks: all abuse reports to
    > mnt-by: LEVEL3-MNT
    > mnt-lower: LEVEL3-MNT
    > mnt-routes: YAHOO-MNT
    > source: RIPE # Filtered
    >
    >
    > The status field gives you information about PA or PI
    >
    >
    > Arnold
    > --
    > Arnold Nipper, AN45
     
    Glen Watson, Jun 13, 2006
    #3
  4. Glen Watson

    chris Guest

    "Glen Watson" <21.com> wrote in message
    news:448eba9b$0$22089$...
    > Thanks.
    >
    > So do isp's actually compile a list PA an PI space using whois and put
    > this
    > information into thier BGP route filters ? Seems it would be a very
    > tedious
    > way of filtering PI announcements.


    No, that would be tedious and unmanageable. ISP usually filter on prefix
    size and filter out long prefixes (say /24 and up) as ISP's usually
    advertise /16, /17 etc.. That's one way of doing it anyway.

    PI space would tend to have a longer prefix and so would be more likely to
    be filtered by tier 1 (or maybe even tier 2) ISP's.

    Chris.
     
    chris, Jun 13, 2006
    #4
  5. On 14.06.2006 00:03 chris wrote

    > "Glen Watson" <21.com> wrote in message
    > news:448eba9b$0$22089$...
    >> Thanks.
    >>
    >> So do isp's actually compile a list PA an PI space using whois and put
    >> this
    >> information into thier BGP route filters ? Seems it would be a very
    >> tedious
    >> way of filtering PI announcements.

    >
    > No, that would be tedious and unmanageable. ISP usually filter on prefix
    > size and filter out long prefixes (say /24 and up) as ISP's usually
    > advertise /16, /17 etc.. That's one way of doing it anyway.
    >
    > PI space would tend to have a longer prefix and so would be more likely to
    > be filtered by tier 1 (or maybe even tier 2) ISP's.
    >


    To be more precise they actually might use something like
    ftp://ftp.ripe.net/ripe/docs/ripe-380.txt which is also available for
    the other registries (ARIN, AfriNIC, LACNIC and APNIC)


    --
    Arnold Nipper, AN45
     
    Arnold Nipper, Jun 13, 2006
    #5
  6. Glen Watson

    Grog Guest

    On Tue, 13 Jun 2006 23:03:29 +0100, "chris"
    <> wrote:

    >
    >"Glen Watson" <21.com> wrote in message
    >news:448eba9b$0$22089$...
    >> Thanks.
    >>
    >> So do isp's actually compile a list PA an PI space using whois and put
    >> this
    >> information into thier BGP route filters ? Seems it would be a very
    >> tedious
    >> way of filtering PI announcements.

    >
    >No, that would be tedious and unmanageable. ISP usually filter on prefix
    >size and filter out long prefixes (say /24 and up) as ISP's usually
    >advertise /16, /17 etc.. That's one way of doing it anyway.
    >
    >PI space would tend to have a longer prefix and so would be more likely to
    >be filtered by tier 1 (or maybe even tier 2) ISP's.
    >
    >Chris.
    >



    The general guideline between tier 1s is to filter at the /24 and
    shorter level. (/23, /22, etc..)

    Longer prefixes between peers will usually be dependent larger
    aggregate blocks to pass between peers. Since PI space is doled out
    at /24 and larger, it usually doesn't encounter filtering based on
    mask length. I believe there are a couple filtering at /21 level
    still. (not 100% on that)

    Glen, the nsp's don't really care if it is PA or PI space and don't
    compile lists like that.

    Grog
    late, I know...
     
    Grog, Jun 18, 2006
    #6
  7. Glen Watson

    Glen Watson Guest

    Thanks.

    So if i had my own addresses that couldn't be agregated, say of prefix
    length /23 i could well be stuffed due to the filtering that could occur
    between tier 1's

    I say this as we qualify for our own /23 small pa space with RIPE. If we
    chose to go down that route and announce our routes with bgp via 2 upstream
    isp's through multihoming we could get filtered.

    It sounds like we may be better getting address space allocated out of one
    isp's aggregatable block and announce this over both isp's so that way at
    least we could rely on the shorter prefix aggregates getting announced
    everywhere.

    Have i understood correctly ?


    "Grog" <> wrote in message
    news:...
    > On Tue, 13 Jun 2006 23:03:29 +0100, "chris"
    > <> wrote:
    >
    > >
    > >"Glen Watson" <21.com> wrote in message
    > >news:448eba9b$0$22089$...
    > >> Thanks.
    > >>
    > >> So do isp's actually compile a list PA an PI space using whois and put
    > >> this
    > >> information into thier BGP route filters ? Seems it would be a very
    > >> tedious
    > >> way of filtering PI announcements.

    > >
    > >No, that would be tedious and unmanageable. ISP usually filter on prefix
    > >size and filter out long prefixes (say /24 and up) as ISP's usually
    > >advertise /16, /17 etc.. That's one way of doing it anyway.
    > >
    > >PI space would tend to have a longer prefix and so would be more likely

    to
    > >be filtered by tier 1 (or maybe even tier 2) ISP's.
    > >
    > >Chris.
    > >

    >
    >
    > The general guideline between tier 1s is to filter at the /24 and
    > shorter level. (/23, /22, etc..)
    >
    > Longer prefixes between peers will usually be dependent larger
    > aggregate blocks to pass between peers. Since PI space is doled out
    > at /24 and larger, it usually doesn't encounter filtering based on
    > mask length. I believe there are a couple filtering at /21 level
    > still. (not 100% on that)
    >
    > Glen, the nsp's don't really care if it is PA or PI space and don't
    > compile lists like that.
    >
    > Grog
    > late, I know...
    >
    >
    >
    >
    >
     
    Glen Watson, Jun 19, 2006
    #7
  8. Glen Watson

    Grog Guest

    On Mon, 19 Jun 2006 18:49:23 +0100, "Glen Watson"
    <21.com> wrote:

    >Thanks.
    >
    >So if i had my own addresses that couldn't be agregated, say of prefix
    >length /23 i could well be stuffed due to the filtering that could occur
    >between tier 1's
    >
    >I say this as we qualify for our own /23 small pa space with RIPE. If we
    >chose to go down that route and announce our routes with bgp via 2 upstream
    >isp's through multihoming we could get filtered.
    >
    >It sounds like we may be better getting address space allocated out of one
    >isp's aggregatable block and announce this over both isp's so that way at
    >least we could rely on the shorter prefix aggregates getting announced
    >everywhere.
    >
    >Have i understood correctly ?
    >



    With a /23 you should be fine since /23 > /24. With your PI /23
    and 2 upstreams, you should have no problems announcing your route
    globally. I personally think it is better to get PI space than PA if
    you qualify for it. If you change upstreams later on and have PA
    space, think of the nasty renumbering job you have in front of you.


    When it comes to address space, think in terms of 32 bit addresses, so
    it helps to be able to think in binary (well, kinda).

    larger (more total ip addresses) netblocks have shorter netmasks.
    smaller netblocks have longer netmasks.

    Now, that should be clear as mud.. :)
     
    Grog, Jun 20, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Spuds

    BGP filtering question

    Spuds, Jul 17, 2003, in forum: Cisco
    Replies:
    0
    Views:
    1,349
    Spuds
    Jul 17, 2003
  2. harald rüger
    Replies:
    0
    Views:
    574
    harald rüger
    Oct 25, 2004
  3. papi
    Replies:
    4
    Views:
    2,289
    theapplebee
    Sep 8, 2009
  4. Glen Watson

    BGP multihoming and PA blocks

    Glen Watson, Jun 1, 2006, in forum: Cisco
    Replies:
    2
    Views:
    963
    theapplebee
    Jul 24, 2009
  5. Replies:
    2
    Views:
    760
    Daniel-G
    Jun 26, 2010
Loading...

Share This Page