Hi Bernd,

It can be done indeed, you need to create a proper route object for your prefix originated from their ASN, that is then signed for RPKI. To do so you need to have the proper auth from both the route maintainer and AS maintainer in the db.

As far as L3 SLA, I never heard of doing BGP causing an SLA problem, can you ask them why that is? If that would be true, nobody would do IP transit anymore ;)

Daniel

--
Daniel Ponticello
Technical Director and CEO
REDDER Telco
T: 0444 1783651 | F: 0444 1783652 | daniel.ponticello@redder.it
www.redder.it

On 12/11/2019 13:01, Bernd Naumann wrote:
Hi Matthias,
But that's the point, we can and would prefer to maintain our own gear. I just find it curious that the provider states that in this case we would get no L3 SLA.
And regarding "someone else announces our prefix": I just never heard that this is common. That's why I'm asking.
With this provider, or at this location, we do not yet have BGP in place.
To recap: Announcing "someone else's" prefix is OK, and the ROA can be signed. As I have not seen this in the RPKI FAQ: can I also sign i.e. the aggregate ROA prefix, one time from our ASN and one time from the provider's ASN? And things are still valid?
In this case I would not see a reason not to do it that way.
Bernd
On 12.11.19 12:50, Matthias Brumm | tkrz Stadtwerke GmbH wrote:
Hi!
We have done similar things, if the customer does not want to maintain his own router or has no knowledge in this. Could you please explain why there is such a problem? If you have an ASN and there are BGP sessions in place, announcing your prefix, you just change one session for the other.
Regards, kind regards,
Hi,
I have a question about the validity of an option provided by our ISP.
Back story: We will move one of your office uplinks in Germany next year to another provider. They offered us various options how it could be implemented. In my personal opinion one option sounds technically crazier than the other, even though it is "enterprise".
The management involved raised concern when the ISP noticed that if we wanna use "just BGP" we will lose any SLA for L3 services. With no doubt I see management's point, but now it comes:
Then the ISP offered us to announce _our_ prefix for us, from their ASN, and here I lost trust, and stopped the planning for now to get either confirmation or another red flag.
- Is this even "allowed" or recommended by RIPE policies or BCPs?
- Wouldn't that at least look like a BGP hijacking (attempt)? Because I have not seen / read about that implementation anywhere...
- Just in case this is ok-ish, how would I set up the ROA with RPKI so that it would become valid?
Another but related question: Regarding the "No SLA" thing: Could someone point me to how other ISPs handle this or what would be "industrial standard"? I highly doubt the reasoning that just because the customer is using his own gear the ISP will get away with any disturbance of their service...
Naive me thought that it would be like in your data center installations: You get transit v4 and v6 networks from the provider, configure BGP and are done. Yes, this does not prevent a customer from misconfiguring things, but in this case we would just get a default route and announce one or more prefixes. I hardly see any pitfalls here.
Thanks in advance and for your time,
Best,
Bernd
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/daniel.ponticello%40r...
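
The question raised in the thread (one ROA for the same prefix from each of two ASNs) can be checked against the route origin validation procedure of RFC 6811. The following is an added example, not code from any participant in the thread; the prefix (documentation range 203.0.113.0/24), the ASNs (documentation range 64496-64511) and the names `VRP` and `validate` are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA payload: what a relying party extracts from a signed ROA."""
    prefix: str
    max_length: int
    asn: int


# Constructed sample data: the same prefix signed twice, once per origin ASN.
VRPS = [
    VRP("203.0.113.0/24", 24, 64496),  # assumed: the prefix holder's own ASN
    VRP("203.0.113.0/24", 24, 64511),  # assumed: the provider's ASN
]


def validate(route_prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' per the RFC 6811 procedure."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route if the route is equal to or inside its prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the same origin ASN and a length within maxLength.
        # AS0 in a VRP never matches any announcement.
        if vrp.asn != 0 and vrp.asn == origin_asn \
                and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    for prefix, asn in [
        ("203.0.113.0/24", 64496),   # announced from the holder's ASN
        ("203.0.113.0/24", 64511),   # announced from the provider's ASN
        ("203.0.113.0/24", 64500),   # any other origin
        ("203.0.113.0/25", 64496),   # more specific than maxLength allows
        ("198.51.100.0/24", 64496),  # no covering ROA at all
    ]:
        print(f"{prefix:18} AS{asn}: {validate(prefix, asn)}")
```

A route is valid as soon as any one covering ROA matches it, so both origins validate side by side, while every other origin for the covered prefix becomes invalid rather than not-found.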