Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: URPF on small BGP-enabled customers?

  • From: Olsen, Jason
  • Date: Fri Jun 03 09:51:51 2005

>My network is a multi-homed stub AS and I only announce 5 prefixes. 

Not much different from many of my networks here, then.

> If they're paranoid enough to manually filter my BGP 
> announcements it's not much more work to manually filter my 
> source addresses too (nevermind the fact that I already do it 
> myself, but...)

SprintLink has been filtering BGP announcements since we came online
with them a few years ago.  They'd probably been doing it for some time
before then, too.  I don't see it as paranoid, to me it's just good
practice (if a bit difficult to manage when you're as large as SL is).  

Stupid questions I must ask:
* Did you actually give them all five prefixes when you were setting up
your BGP request (your statement is a little vague on that detail)?  
* Did you request a copy of the BGP filter they're applying to your
circuit(s)?  Do they look okay?
* What do route servers say about your prefixes/AS?  EG, does
oregon-ix.net see it as hanging off Sprint?
* You are announcing off a loopback address, right?

> I'm working through the SprintLink noc/support process but 
> I'm surprised this hasn't happened to any of their other 
> customers before now.

As has already been said, I'm sure it has... You just have to find the
engineers who've dealt with those situations before.  A lot of their
staff is fairly clueful but they're highly departmentalized.  BGP team
only does their BGP thing, etc.  It can be hard to do proper
troubleshooting when one team can only go so far before you're forced to
hand off and start the process anew.

Your best bet is to start with the obvious (get the BGP config and ACLs
they're applying for you) and work your way from there.
 
-jfo
Jason "Feren" Olsen           DeVry, Inc.
Senior Network Engineer       One Tower Lane
Em: jolsen@devry.com          Oakbrook Terrace, IL 60181-4624
Ph: 630.645.1607              Fx: 630.382.2929





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.