Re: [v6ops] [GROW] Deaggregation by large organizations

[Ray Hunter <v6ops@globis.net>]

> Iljitsch van Beijnum <mailto:iljitsch@muada.com>
> 25 October 2014 16:07
>
> Please have a look at my draft. I think that establishing an aggregate 
> of last resort coupled with BGP communities that allow for selectively 
> filtering deaggregates covered by an aggregate in the places where 
> they aren't desired helps both big organizations and network operators.
>
> If a big organization hires two tier-1 ISPs, for instance, and then 
> makes sure that the ISPs that its organizational subunits select for 
> their connectivity interconnect with the ISPs announcing the AoLR (as 
> peers or as customers), only networks that get paid need to carry the 
> deaggregates. Which is good for the ISPs that get paid (obviously), 
> for the ones that don't get paid (no deaggregates) and for the 
> organization (they know who to blame for connectivity issues).
>
I'm not convinced your draft is in line with my own understanding of how 
multinationals I know either use, or want to use the Internet, and why 
the de-aggregation occurs in the first place.

I'd thus like to see more data on where/why the de-aggregation is occurring.


Particularly my perception does not seem to fit the assumption of Section 2.

 > For reasons of cost and routing efficiency it's not possible or
    desired to use an internal network between the subunits or locations
    to transport traffic to/from the internet from one organizational
    subunit to another.

Internet "offload" is a common requirement for low value traffic, in 
conjunction with a private high quality internal Intranet for corporate 
apps like design tools, with both networks active simultaneously.

My thinking is that SADR, and running multiple (PA) prefixes within an 
enterprise will address this requirement. So each sub unit would carry 
both the multinational/global PI space and one or more local PA space 
prefixes obtained from the local ISP. Only the local PA space would be 
advertised out of each break out. That would be and prevent the need for 
de-aggregate routes to be advertised back into the individual ISPs 
serving the sub unit satellite sites.

Equally GRE tunnels or IPSEC tunnels over Internet are already 
common-practice to create virtual enterprise networks.

 > This way, deaggregates only have to be carried by ISPs providing the
    aggregate of last resort service and the ISPs connecting subunits of
    the organization.

I don't think enterprises want to be tied to ISP's at all. The hope/ 
dream is that once a prefix enters the global routing table, then it 
will be globally reachable.
I don't know of any small set of ISPs that can economically provide 
service in 50+ countries in some sort of coordinated aggregate ISP manner.

Equally, Section 3 seems to assumes that the customer/enterprise 
relationship is regional, which IMVHO is not always the case. 
www.myenterprise.com needs to be world wide reachable, but with local 
content delivered by CDN or local servers.

 > In theory, a user in Tokyo could connect to the internet in Madrid. 
In practice, this is is exceedingly rare.

I don't agree with this observation. I know of many cases e.g. where a 
break in/out for a 3rd party from China is made in Europe. Or where a US 
based company manages systems remotely in Europe, LATAM, Asia Pacific, 
and the US and has regional links to the customer (with a break in/out 
per region).



My particular worry with aggregates of last resort would be that with 
longest prefix match matching, it's becoming increasingly easy for 
longer prefixes to hijack important enterprise aggregates. So 
advertising an aggregate of last resort, whilst allowing sub units to 
advertise longer prefixes to other ISPs, might not be such a great idea 
for security.

-- 
Regards,
RayH