
BGP peering with two ISPs

Richard Dumag
Level 1

We have dual-homed internet connections with Zayo and Comcast.  Zayo is the primary internet access, using a /24 IP address range they had assigned.

We would like to setup BGP peering with Zayo and Comcast and have Comcast route the /24 IP address range should Zayo have an outage.

Zayo and Comcast will be enabling BGP on the circuits.

Besides setting up BGP with our ARIN-assigned ASN on our router and advertising the /24 IP address range, what additional configuration do we need to do on the router in order for this to be successful?

Any information or comment you can provide will be greatly appreciated.  Thank you!

Richard

 

43 Replies

The letter of agreement from Zayo allowing Comcast to advertise their Public subnet is important. When there is a failure for Zayo you want Comcast to advertise their subnet. So you will need to advertise the Zayo subnet to Comcast. But you probably do not want Comcast to advertise that subnet all the time, only when there is a failure at Zayo. I had a customer who was doing this. We implemented conditional advertising in BGP.  We checked for reachability of a couple addresses in the primary ISP and if they became unreachable then we started advertising the subnet.

HTH

Rick
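
The conditional advertisement described in the reply above, sketched as Cisco IOS configuration (an added example, not the configuration from the poster's customer). The ASNs, prefixes and neighbor addresses are documentation placeholders, and the design choices (announce the /24 to the primary unconditionally, release it to the backup only when a tracked primary prefix leaves the BGP table, filter outbound so nothing else is ever announced) are assumptions.

```cisco
! Constructed placeholder values, not from the thread:
!   AS 64496 = customer, AS 64497 = primary ISP, AS 64498 = backup ISP
!   192.0.2.0/24    = the /24 assigned by the primary ISP
!   198.51.100.0/24 = a prefix inside the primary ISP used as the health check
!
! Anchor the /24 in the routing table so the network statement can originate it.
ip route 192.0.2.0 255.255.255.0 Null0
!
ip prefix-list OUR-24 seq 5 permit 192.0.2.0/24
ip prefix-list PRIMARY-TRACK seq 5 permit 198.51.100.0/24
!
! Keep the tracked prefix from being learned via the backup ISP; otherwise it
! never disappears from the BGP table and the condition never triggers.
ip prefix-list FROM-BACKUP seq 5 deny 198.51.100.0/24
ip prefix-list FROM-BACKUP seq 10 permit 0.0.0.0/0 le 32
!
! What to advertise when the condition is met.
route-map ADVERTISE-24 permit 10
 match ip address prefix-list OUR-24
!
! The condition: this prefix must be ABSENT from the BGP table.
route-map PRIMARY-GONE permit 10
 match ip address prefix-list PRIMARY-TRACK
!
router bgp 64496
 network 192.0.2.0 mask 255.255.255.0
 !
 neighbor 203.0.113.1 remote-as 64497
 neighbor 203.0.113.1 description PRIMARY-ISP
 ! Outbound filter: only the /24, so this AS never becomes transit.
 neighbor 203.0.113.1 prefix-list OUR-24 out
 !
 neighbor 203.0.113.5 remote-as 64498
 neighbor 203.0.113.5 description BACKUP-ISP
 neighbor 203.0.113.5 prefix-list FROM-BACKUP in
 neighbor 203.0.113.5 prefix-list OUR-24 out
 ! Advertise the /24 to the backup only while PRIMARY-TRACK is missing.
 neighbor 203.0.113.5 advertise-map ADVERTISE-24 non-exist-map PRIMARY-GONE
```

`show ip bgp neighbors 203.0.113.5 advertised-routes` should list nothing while the primary session is healthy and only 192.0.2.0/24 after the tracked prefix is withdrawn.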

Always nice to read someone has already done what's been proposed.

@Richard Burts in your described case, what was the source AS?  I can see either Zayo or OP being source.  Simpler is OP is source, possibly (?) especially if conditional BGP is being used.

@Joseph W. Doherty I agree nice to read response from someone who has done it. Of the many customers I have worked with implementing BGP, only ONCE have I needed to implement this feature. (and spent a good while figuring out how to do it right) And I would comment that it requires a customer who has a /24 allocation from their primary ISP, which is why it is pretty rare.

I am not clear about your question about source AS. It has been many years and I no longer have access to the customer configs, so I rely on my memory. In normal circumstances the /24 was not advertised (it was part of the primary ISP address block). When the customer detected a failure in primary ISP it used conditional advertising to announce the /24 with the customer AS as the source.

HTH

Rick

"pretty rare", indeed, never heard of it being done, but with depletion of IPv4 addresses, I can see it as a way to dual home a customer.

Sorry for my confusion about source ASN.

If we only had one ISP, it would advertise its public IP address block(s) using its ASN.  Once traffic to one of its advertised address blocks got to it, internally, it would route that traffic to the correct customer.  (This is also how an ISP can hand out subnets of a public /24 to different customers.)

If a company wanted to use multiple ISP, in ye olden times, the customer would apply for an ASN and an address block(s), and advertise such address block(s) to whoever they publicly peered with.

The big difference, for the two prior approaches, in the first, the /24 would have the ISP ASN, in the second, the /24 would have the company's ASN.

In this case, the ISP, Zayo, should be the "owner" of the /24, and when seen on the Internet, you would expect to see the last ASN as Zayo's.

The easiest way, I think, to proceed, would be for Zayo to "sublet" the /24, i.e. allow it to appear to be coming from our OP's ASN (much as you would if OP actually "owned" the /24).  Don't know all the ARIN rules, whether this is "kosher".

An alternative, would be, since the OP does have a public ASN, logically have it peer with Zayo and Comcast, providing "transit", but only for one particular /24.  In this case, the final ASN for the /24 would still be Zayo's ASN.  This approach, would be more complex to get "right", but the /24's ASN would be seen, on the Internet, with the final ASN as expected from ARIN info (unless they too now support "subletting"?).

Rich, is the foregoing making any sense?  Basically, for such a "borrowed" public address block, what was the final path ASN for it in your case, do you recall?

@Joseph W. Doherty I have a couple of comments:

You said "If a company wanted to use multiple ISP, in ye olden times, the customer would apply for an ASN and an address block(s)". Yes in ye olden times it was easier for a customer to request and be granted an address block and an ASN. And in that case redundancy/failover would have been easier since the customer could have advertised its address block through both ISP. Certainly not the case in more recent times for an address block. 

You said "An alternative, would be, since the OP does have a public ASN, logically have it peer with Zayo and Comcast, providing "transit", but only for one particular /24" I am not sure that it is important whether the OP has a Public or a Private ASN. In the OP they have Public, I believe that my customer has a Private. And it works the same for either. Also it is not really "transit" since traffic to the /24 from Internet would come to Comcast, from Comcast to customer, and stop there.

You also said "The easiest way, I think, to proceed, would be for Zayo to "sublet" the /24, i.e. allow it to appear to be coming from our OP's ASN (much as you would if OP actually "owned" the /24)." That is exactly correct. The Letter of Agreement that Zayo needs to supply is an agreement that the customer is permitted to advertise the /24 address block to other ISP as if they were the true owners of the address block.

Also you say "In this case, the ISP, Zayo, should be the "owner" of the /24". Agreed that if you did a lookup of the first 3 octets it would show that the network belongs to Zayo. But if the /24 is being advertised, if you look at the AS path in the advertisement the earliest ASN would be the customer, not Zayo. And I think that answers your question "what was the final path ASN for it in your case". It was the customer ASN.

HTH

Rick

Thank you Richard and Joseph for your comments. 

Richard, as for the final path ASN, it is still Zayo's currently.  The LOA portion has not been formally finalized yet.  But my assumption is that the ASN on the /24 will be changed to our ASN?

When we initially discussed BGP peering with Zayo and Comcast, we were told to obtain an ASN from ARIN and an LOA from Zayo.  I also had to complete a form from Comcast that asks about the IP address range to route, the ASN, partial or full routes, etc.  There is also an order form from Zayo to enable BGP on the circuit with a one-time cost of $250.  I'm assuming this includes the LOA?  I'm also assuming that once these have been fulfilled, then the router configuration will need to take place in order for the BGP peering with active/standby to work.  I'm trying to see if we can do the configuration ourselves or may need professional service in order for this to work, if possible.

Richard

 

 


@MHM Cisco World wrote:

https://ipwithease.com/advertising-public-ip-pool-over-multiple-isp-links-using-pi-pa-address-block/

check this Link to get why I mention Public Pool
this important in design


In the context of your reference, I suspect you're seeing this as PAs, where you get one from each ISP and use an external global traffic manager to direct traffic to the different ISP provided addresses.

What I believe OP is doing, is similar to what my Quora reference is describing, and what Rick and I have been discussing.


@Richard Burts wrote:

You said "An alternative, would be, since the OP does have a public ASN, logically have it peer with Zayo and Comcast, providing "transit", but only for one particular /24" I am not sure that it is important whether the OP has a Public or a Private ASN. In the OP they have Public, I believe that my customer has a Private. And it works the same for either. Also it is not really "transit" since traffic to the /24 from Internet would come to Comcast, from Comcast to customer, and stop there.

What I had in mind, is just transit the route /24 advertisement, not the traffic to the /24.  (OP's AS would shortstop that traffic.)  So, to make this work, probably would need a public ASN, otherwise you would see the private ASN, which I suspect doesn't want to be seen on the Internet.   Also using this approach, I believe, gets messy, quickly, like if the link to Zayo goes down.


In any case, thanks again, for bringing up an actual prior case.

Hello @Joseph W. Doherty ,

from a practical point of view the kind of agreement between the two ISPs should work in the following manner:

a)  the public prefix /24  is taken from a greater less specific prefix that belongs to primary ISP Zayo

b)  the customer is allowed to advertise the specific /24 prefix to both Zayo and Comcast using his own ASN

c)  Zayo performs route aggregation and advertises to the internet only the less specific prefix, for example /20, as locally originated

d)  The agreement between Zayo and Comcast allows the second one to advertise the /24 prefix to Zayo on direct eBGP peerings between them (either private or in an internet exchange) with the only purpose to provide a backup path to Zayo. Comcast will not propagate the prefix to other peers (for example using a BGP community)

e)  from internet point of view only the aggregate /20 for example is seen in the BGP tables of other ISPs with source ASN = Zayo's ASN

This scenario is possible now that 4-byte ASNs exist; before, the customer could not get a BGP ASN without also having its own IPv4 public address block, and this kind of scenario would have used a private ASN on the customer side.

Hope to help

Giuseppe

 

 

@Giuseppe Larosa from what you've described, if the Zayo link fails, only Comcast customers would still have connectivity to OP's /24 correct?

If correct, I suspect that's not what OP desires.

Hello @Joseph W. Doherty ,

No, the primary ISP aggregate route needs to be alive and advertised even if the component /24 route for the customer has disappeared and is then learned via the secondary ISP.

This can be done so no in case of failure the customer can still be reached by internet.

Hope to help

Giuseppe

Ah, I think I (finally) understand what you're describing.

Comcast provides an alternative/backup path between Zayo and the OP, not an alternative/backup path to the Internet, without still transiting Zayo.

Thank you Giuseppe for the explanation.  Very helpful.