Re: IRR Upstream\Downstream

2021-09-21 Thread Owen DeLong via NANOG 
Generally, you’ll need an export and import policy for each peer AS.

Export should describe what you send to them.
Import should describe what you will accept from them.

In the case of upstreams, that’s usually “to X export MYAS[+customer_AS list]” 
and “from X import ANY”.

In the case of downstream customers, that’s usually “to Y export ANY” and “from 
Y import Y”.

Obviously, if your customer has downstream ASs, that import policy will expand.

Owen


> On Sep 20, 2021, at 17:06 , Mike Hammett  wrote:
> 
> I'm trying to firm up my grasp of how I define my neighbor ASes in my IRR 
> entries.
> 
> https://bgp.he.net/AS40764#_irr 
> 
> In my aut-num, I've defined my two upstreams (Intercarrier and Cogent). I've 
> used their AS-Set or just their AS and used that in the export lines.
> 
> I'd assume I'd do the reverse in the import fields for any downstream 
> customers.
> 
> I realized after looking at this that I need to add an export to IX and other 
> peering connections.
> 
> What else do I need to change?
> 
> 
> 
> 
> Yes, I realized that I just asked NANOG to criticize me. Hopefully, I get 
> more help than flames.  ;-)
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com 
> 
> Midwest-IX
> http://www.midwest-ix.com

Re: IRR Upstream\Downstream

2021-09-20 Thread Matthew Petach 
On Mon, Sep 20, 2021 at 5:09 PM Mike Hammett  wrote:

> I'm trying to firm up my grasp of how I define my neighbor ASes in my IRR
> entries.
>
> https://bgp.he.net/AS40764#_irr
>
> In my aut-num, I've defined my two upstreams (Intercarrier and Cogent).
> I've used their AS-Set or just their AS and used that in the export lines.
>
> I'd assume I'd do the reverse in the import fields for any downstream
> customers.
>
> I realized after looking at this that I need to add an export to IX and
> other peering connections.
>
> What else do I need to change?
>
>


I find it easier to put in a set of entries like this:

import: from AS-ANY accept ANY export: to AS-ANY announce
AS-DIGITALNETWORKACCESS
 mp-export: afi ipv6
to AS-ANY announce AS-DIGITALNETWORKACCESS
-V6
mp-import: afi ipv6 from AS-ANY accept ANY

That takes care of anyone on an IX peering port that is doing filtering
based off IRR policies,
and then you should apply your own sanity filters on your import policies
on your router,
which you can update programmatically without having to keep updating your
IRR
policies.  ^_^

Matt





>
>
>
> Yes, I realized that I just asked NANOG to criticize me. Hopefully, I get
> more help than flames.  ;-)
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>

IRR Upstream\Downstream

2021-09-20 Thread Mike Hammett 
I'm trying to firm up my grasp of how I define my neighbor ASes in my IRR 
entries. 


https://bgp.he.net/AS40764#_irr 


In my aut-num, I've defined my two upstreams (Intercarrier and Cogent). I've 
used their AS-Set or just their AS and used that in the export lines. 


I'd assume I'd do the reverse in the import fields for any downstream 
customers. 


I realized after looking at this that I need to add an export to IX and other 
peering connections. 


What else do I need to change? 








Yes, I realized that I just asked NANOG to criticize me. Hopefully, I get more 
help than flames. ;-) 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com