[6bone] non-global address space for IXs (was: 2001:478:: as /48)

John Fraizer tvo@EnterZone.Net
Mon, 8 Sep 2003 08:48:55 -0400 (EDT) 

On Mon, 8 Sep 2003, Alexander Koch wrote:

> On Sun, 7 September 2003 15:53:54 +0200, Jeroen Massar wrote:
> > > OpenTransit does it (and therefore the local replica of
> > > F.ROOT-SERVERS.NET in HonkKong is announced world-wide).
> > > You want to sever links with OpenTransit?
> > 
> > OpenTransit should be flogged in that case :)
> 
> Opentransit has had no community setup yet, so Fabien did
> not have any other chance than sending full table or nothing.
> I do not if that has changed by now.

Ther don't need to set up their own community to honor the "well
known" community "no-export".  Every compliant BGP implementation honors
no-export unless you explicitly strip that community from routes on their
way in.

> 
> > glbx and Tiscali drop some no-export's too, they should obey it.
> 
> In fact we overwrite every prefix with a set of well-
> defined community settings according to the countries where
> it enters our network. Let me know the prefixes in question
> and I'm happy to work things out!
> 

Perhaps you should look at using "additive" vs overwriting the
communities.  At the very minimum, you shouldn't strip off the
"no-export" community.

I realize that it can be a pain to strip SOME communities but not ALL
communities.  Believe me - I know.  I posted a very detailed configuration
not too long ago that does just that though.  You define the communities
that you will be using internally and those communities are stripped on
the way in if they're on the prefixes.  Again though - "no-export" should
not be stripped and should ALWAYS be honored.

In the case of opentransit not stripping it so they can "show it" to their
customers, they don't need to show it to their customers.  If it's an
anycast prefix thats being used, and their customer tries to go to that
anycast address, once the traffic makes it onto OT's network - they're
going to send it to the closest one.  They don't need to leak the
"no-export" tagged routes to make that work.


--
John Fraizer
EnterZone, Inc 
(13944+$|13944+_14813+$|13944+_17266+$)
PGP Key = 6C5903C4
Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4