1. Home
  2. Cisco Systems
  3. BGP, AS, IP range questions

BGP, AS, IP range questions

There are a few things rattling in my head that I have never truly understood, I am hoping this list might be able to help.

A multi-homed AS consists of an AS number registration (from ARIN), a routing policy (i.e. BGP4), and an IP range assingment (from ARIN).

The AS is registered with your name, address, etc.,.

The IP assignment is registered to an OrgID, with POCs, etc.,.

However, there is nothing that explicitly associates a given IP block with an ASN. Most of the time, the AS is run by the same people who have that IP assignment, aka ISPs, and so on. But it is possible, and occurs every day, where an end-user runs their own AS, and is advertising an IP range that is not assigned to them, rather it is assigned to one of their upstream providers.

To really find out which AS is advertising a given IP range, you have to query a variety of live BGP and route server resources, and there are plenty of them out on the internet.

Here's my question. Lets say Joe Schmoe registers an AS. He connects it to the internet via some provider using BGP.

Two scenarios:

  1. Joe "steals" an IP range from somebody else, that is currently not being advertised anywhere by any AS - and starts advertising it from his newly formed AS.

  1. Joe "steals" an IP range from somebody else, that IS currently being used and advertised by another AS, but Joe advertises it anyway from his AS,

For those two cases, what happens? What prevents it? What is the fallout from #2 to the real owner of that IP assignment? Does this ever occur, or is it so rare its not an issue.

These questions came about because I am in the process of migrating a datacenter. We are setting up a new AS in the new datacenter, it wont advertise any IPs right now. But the night we cutover, it will start advertising the IPs that previously have been running on our original AS - after we shutdown the original AS/router.

Thanks John

Reply to
essenz
Loading thread data ...

BGP routing policies are documented on routing registries (eg RIPE, ARIN etc.) and ISP's usually filter advertisments based on that routing information. I work with RIPE and when we get a new PA assignment we have to register a route-object that ties in the IP block to the ASN. Other networks can then base filters on this info in the database.

For example,

route: 213.249.128.0/18 descr: KINGSTON-NET001 origin: AS12390 mnt-by: KINGSTON-MNT source: RIPE # Filtered

This ties the /18 netblock to AS12390. Basically it's down to networks running BGP keeping upto date filters and ensuring that BGP advertisments from customers are subject to prefix-list and AS path filters to ensure that bogus routes don't make it out.

Chris.

Reply to
Chris

See thats where I am confused. I didn't think ARIN maintained a database of which IP assignments belong to which ASN. If that database exists, how does one make changes to it.

I do remember when I got my first IP allocation, and the template does ask for the origin AS. But I was never sure how that info is used on the backend.

Back to migration situation. Currently I am running AS 17185. We are setting up a new AS in the new datacenter, not assigned yet, but for arguments sake, lets call it AS 17195. My plan was to bring up AS

17195. Let it run for a few days, then on the night of migration simply turn-off AS 17185, and start advertising those IP on the new AS 17195. Will this work? Or do I have to notify ARIN, and worry about updating a database somewhere.

-John

Reply to
essenz

"essenz" ha scritto nel messaggio news: snipped-for-privacy@q75g2000hsh.googlegroups.com...

Hi,

More often than not whole reserved, not allocated or even "stolen/hijacked" prefixes are advertised by some ASes around the world... ( prevalently in Asia ) Even whole ASes are hijacked.

Sometimes this is done by error... but more often than not it is done to do harm to someone.

Both you and your AS peers should filter the advertisements received/sent.

Regards, Gabriele

Reply to
Gabriele Beltrame

Hi John,

I've never worked with ARIN, just RIPE so I don't know anything about their procedures. You may be better off speaking to your upstream providers as they will most likely filter your advertisments based on either manaual filters or some database. If they do it automatically then they should be able to point you to the correct database where you can define the origin. If it's manaual then just let them know what AS will be advertising what prefixes and then they can arrange to update the filters. This is how we work with our customers. They tell us what prefixes they are advertising from their AS and we update the filters accordingly.

Good luck,

Chris.

Reply to
Chris

Is there a reason to ask for a new ASN ?

Consider a company switching from Sprint/NAC to AT&T/Cogent. They don't need a new AS. Once they connect to the new transit providers, the BGP announcements flow through the new providers, and the world then knows that to reach those IPs, you send to those providers.

Here is a real world example that happened a couple years ago:

ISP-1 is shutdown, but their contract with Cogent still had 3 months to go. Their AS was still advertising their IP ranges via that Cogent link, and their one remaining router was redirecting traffic via the local exchange to ISP-2 that had agreed to harbour the stranded customers.

For unkown reasons, ISP2 didn't get ISP1's onwer to stop broadcasting those IPs so that they could start broadcasting them. The day the cogent link went down, traffic to ISP-1's IP range stopped being deliverable.

Later that day, ISP3 started to advertise those IPs and got its router to redirect to ISP2.

The next day, ISP2 woke up and got ISP3 to stop advertising those IPs and it started to advertise them itself routing packets directly to their routers. This was about 3 years ago.

whois 66.11.173.60 --> points to ISP1

whois/server=whois.cymru.com 66.11.173.60 ---> points to ISP2

Consider a company with 2 separate IP blocks and 4 network providers. It advertises the first IP block via ISP1 and ISP2, and advertises second IP block via ISP3 and ISP4 on a different router.

So, before the move, AS17185 advertises 12.34.0.0/24 via Sprint and NAC.

during the move, AS17185 advertises 12.13.0.0/24 via Sprint and NAC AND 56.78.0.0/24 via AT&T and Cogent

after the move: AS17185 advertises: 56.78.0.0/24 via AT&T and Cogent

Reply to
JF Mezei

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.