Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 548
  • Last Modified:

BGP

This is to clarify few things regarding BGP

1- I have a block of APNIC IP (/24) and AS number .I am using this block at one of my location and BGP is configured. Since most of the IPs are unused so I want to Subnet this /24 block to /27 and want to use one of the subnet and AS no. in other location to configure BGP. Now I talked to few ISP and the told me that they require /24 to advertise BGP traffic and they deny to advertise /27 .So is it true that For BGP minimum requirement is /24

2-: One of The ISP has given me solution that they will do it by advertising /27 and /24 both .According to them in their internal network they will broadcast /27 and on public domain it will broadcast /24 in both location .Is it possible if yes then is there any disadvantage of that Since on public domain it will broadcast /24  Are we able to create site to site vpn to any office abroad with this senario

waiting for reply
 
0
NeerVerma
Asked:
NeerVerma
1 Solution
 
JFrederick29Commented:
1.  Yes, this is pretty much the standard.  ISP's will only accept /24's or larger.  This is to help minimize the number of routes in the BGP table.

2.  This will work as long as you have the same ISP's in your locations that are originating the /24 and they all implement the same routing policy (if you have multiple ISP's).  You will run into problems if you have a second/different ISP that isn't also routing the /27 within their network or that isn't connected to both sites.  No problems with advertising the /24 into the public domain as once it gets into your ISP's network, the more specific /27 route will be used to the other location.  Yes, site to site VPN will work fine as long as the requirements mentioned are met.
0
 
Jan SpringerCommented:
The "standard", if there is one, is to filter based upon RIR allocations and assignments.  As your assignment is a /24 that's most likely how it will be filtered.

For those ISPs that filter based upon the size of the routing table, /24 is a common lower figure although I have accepted up to /28s.

I would recommend (for example and if you have enough bandwidth at both locations), to announce the /24 and the /27.  Using OSPF through a GRE tunnel you can route traffic to the other location, if need be.
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Tackle projects and never again get stuck behind a technical roadblock.
Join Now