On Mon, 30 Nov 1998, Strelnikov Michael wrote:
] Please, explain to me what are AS Numbers and how to use them. How
]to define etc.
An institution (usually a provider) has its own AS# (autonomous system
number), if its routing policy diverges from its upstream provider. Some
institutions may also have their own AS# for historical reasons. An AS
contains (among other things) a set of networks, usually belonging to the
same provider.
The AS# in squid are used to have an easy way to obtain all IRR registered
networks belonging to the same provider. It is much easier to have squid
check out from the IRR the networks within an AS# at each startup, than the
error prone process of typing such an ACL all yourself. Also, the IRR data
might be more up to date, without having to rely on your NOC's goodwill to
send you notifications. Nevertheless, the AS# is only translated into a set
of networks, and the thus concluded ACL is then handled no different than
any other ACL.
You can use the AS# in squid for
1) some very basic request routing which is not based on domain names.
(Almost) all requests for any network in the same AS will travel the same
way - at least when leaing your AS. Thus you may decide to route those
requests along a certain cache along the way. Or set up a special cache
handling only requests destined for Netscape and M$, never caring if they
might have servers not containing their name.
2) access controls, which users/caches from whose networks may access my
caches. With large networks, you can thus allow all users access without
having to type in each single network.
3) deciding which servers to contact directly and which not (also a form of
request routing).
4) ...
The third option is especially nice, if you have slow links to other ASes,
but sufficient capacity within your own AS. Then you can configure your own
AS# for an always_direct, because fetching an object from the origin site
is in that case usually faster than going via a parent cache.
# configure a whois server which understands the MERIT syntax
# especially the '!gasXXXX' for obtaining all networks from
# a single AS#. Or set up your own local mirror. Or leave out.
as_whois_server fixme.merit.syntax
# example, insert your own (four-digit) AS# here
acl dst_local dst_as FIXME
always_direct allow dst_local
That will route all requests from your own AS directly to the origin
site. Please mind that (a) the ACL thus configured may contain several
hundred networks, (b) may not contain *all* networks belonging to your
provider, and (c) I have no idea how regularly the IRR is checked for new
networks. With some (bad) luck, the IRR obtained data in squid is static
(i.e. not a cache like the IP cache), and will only be checked during
startup. Thus restarting your squid like once a day should suffice to
obtain newly registered networks - if your provider is smaller, a larger
intervall will suffice.
I think (c) is a bug if it is not implemented as cache, but flooding any
whois service is not looked kindly upon by any admin.
Le deagh dhùrachd,
Dipl.-Ing. Jens-S. Vöckler (voeckler@rvs.uni-hannover.de)
Institute for Computer Networks and Distributed Systems
University of Hanover, Germany; +49 511 762 4726
Received on Mon Nov 30 1998 - 06:57:02 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:25 MST