1

I am now committed to the study of large network security, and I will meet many kinds of IP addresses. What puzzles me is that some IPs belong to more than one AS and AS number, and these numbers have more than one BGP prefix too.

For example, the IP address 1.82.208.56 belongs to AS4134 and AS134418, and has three BGP prefixes (1.80.0.0/13, 1.82.128.0/17, 1.82.208.0/20), and AS4134 has two BGP prefixes (1.80.0.0/13, 1.82.128.0/17). They look subordinate at this time, but why? Which AS number does 1.82.208.56 exactly belong to (AS4134 or AS134418)? Which routing rules does 1.82.208.56 follow?

Reference: https://bgp.he.net/ip/1.82.208.56

I'm new to BGP and AS numbers and there are few related tutorials. I'd appreciate it if you could explain in detail and give me some references and books.

tianjianbo

1 Answer

0

Wow, that's a long question. There are so many things that need to be addressed.

  • IPs do not belong to ASes. They are routed by them. ASes, IPs, domains, etc. are names and numbers whose usage rights are delegated to individuals or organisations.
  • Each BGP speaker (a router speaking BGP) makes its own routing decisions based on many factors. While there are default/recommended behaviours for this decision, they can be and are overridden by netadmins to optimise routing.
  • When a BGP speaker makes a routing decision, it's always about deciding between two or more identical prefixes (ip/subnet). It's never about two or more different prefixes.
  • Routing lookup will always match the more specific route and will follow that route. For example, if a router needs to find the path for 192.0.2.50 and it has a route 192.0.2.0/24 and another 192.0.2.0/25, it will ALWAYS take the more specific 192.0.2.0/25.
  • Some network operators split their subnets to "tune" their routing. Imagine a company having one network across the Atlantic. On each side they have a datacenter. They want the European traffic to enter their network in Europe and their US traffic to enter their network in the US. This is one of many reasons to split your prefix into smaller pieces, and they will announce their European network in Europe and their US network in the US. But to make sure no one will be missed, they still announce their "larger" network.
  • Splitting your prefix into smaller pieces is not considered good practice. The reason for this is the current size of the routing table. We have now reached over 650'000 prefixes. 56% of them are tiny /24s. While they represent 56% of the prefixes, they are less than 3% of the currently routed address space.
  • As for your question regarding the ASes, that does not really matter. IPs are routed, not ASes. The AS path and the origin AS are properties of a route and are taken into account in the routing decision, but what's routed are IPs.

NOTE: One of the worst cases I know of network splitting (actually it's called deaggregation) is 126.0.0.0/8, which split their /8 into 256 /16s for some obscure (unknown, but obscure sounds cooler) reasons.

NOTE2: If you want to make some routing lookups, you may use my project website. It's under active development, so it may not always work.

IANA - Internet Assigned Numbers Authority

Cisco BGP Best Path Selection Algorithm

spale
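The longest-prefix match described in the answer, applied to the prefixes quoted in the question, as an added example that is not part of either post. The route table is constructed from the question's listing; the origin AS of 1.82.208.0/20 is an assumption inferred from that listing, and the function names are hypothetical.

```python
import ipaddress

# Constructed route table: prefixes are the ones quoted in the question.
# AS4134 as origin of the /13 and /17 is stated there; AS134418 as origin
# of the /20 is an assumption inferred from the question.
ROUTES = [
    ("1.80.0.0/13", 4134),
    ("1.82.128.0/17", 4134),
    ("1.82.208.0/20", 134418),  # assumed origin AS
]


def covering_routes(ip, routes=ROUTES):
    """Return every (network, origin_as) containing ip, most specific first."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for prefix, origin in routes:
        net = ipaddress.ip_network(prefix)
        if addr.version == net.version and addr in net:
            hits.append((net, origin))
    # Forwarding follows the longest prefix, so sort by prefix length.
    return sorted(hits, key=lambda h: h[0].prefixlen, reverse=True)


def best_route(ip, routes=ROUTES):
    """Longest-prefix match: the route a lookup for ip would follow, or None."""
    hits = covering_routes(ip, routes)
    return hits[0] if hits else None


def nested_prefixes(routes=ROUTES):
    """List (more_specific, covering) pairs, i.e. deaggregated announcements."""
    nets = [ipaddress.ip_network(p) for p, _ in routes]
    return [(str(a), str(b)) for a in nets for b in nets
            if a != b and a.subnet_of(b)]


if __name__ == "__main__":
    for net, origin in covering_routes("1.82.208.56"):
        print(f"{str(net):<16} origin AS{origin}")
    net, origin = best_route("1.82.208.56")
    print(f"lookup follows {net} (origin AS{origin})")
    for specific, covering in nested_prefixes():
        print(f"{specific} is a more-specific of {covering}")
```

When enriching logs or alerts with an origin AS, record the most specific covering prefix alongside the less specific ones, since an address outside the /20 but inside the /17 or /13 resolves to a different route.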