Internet Transit
If an organisation uses BGP to connect with more than one internet service provider for redundancy, it runs the risk of becoming an accidental transit provider.
Using BGPs default configuration, any AS that are received through one BGP peer on one provider, may be advertised out of the other link to the other service provider. The organisations router advertises that networks can be reached by transiting through the organisations router, making it a transit AS.
Transit routing can be prevented by implementing outbound BGP policies, such as only allowing the organisations AS to be advertised to a BGP peer.
Branch Transit
When it comes to using BGP for transit between branches of an organisation, a well tuned network is optimal. It helps prevent routing loops and keeps troubleshooting simple.
If a network is kept symmetric with both paths of the traffic (send and receive) utilising the same link, this is called a deterministic network. A deterministic network is when flows between the sites are predetermined and predictable.
If a branch transit network is not tuned, a failure in the BGP process could led to a circuits router becoming oversaturated, or routing patterns becoming unpredictable.
When a network route goes down an unpredictable and undetermined path, it could lead to delays in troubleshooting or failovers not working as intended.
Leave a Reply