Using unallocated address space
michael thomas guldan
michael at core.ele-mental.org
Fri Feb 16 17:45:45 UTC 2001
On Thu, Feb 15, 2001 at 01:16:29PM -0800, smd at clock.org wrote:
>
>
> Cool, speeding tickets for people with 10Gbps links in production today.
>
"if you route, don't drink. if you drink, don't route."
> We don't need a "police force" per se as much as a functionary who, on
> behalf of the paying membership of the registry, tries to establish
> (e.g., with a phone call! or some email!) whether the announcement
> is a question of simple, honest misconfiguration or misunderstanding,
> or whether it's deliberate. Moreover, with another couple of
> phone calls (or email), a deliberately bad announcer can talk with
> the network(s) immediately upstream from a deliberate bad-announcer
> and suggest that the membership as a whole would appreciate the
> installation of strict filters against the bad announcer.
>
i agree that a setup as described here could have its place.. i'm warning
against the "hang 'em high" attitude that was being proposed in earlier
posts... that isn't to say i don't still have misgivings about such a
system, just that your proposal seems much more sane.
some sort of education and intervention system makes more sense than
a blackhole for any perceived offense approach...
> If that produces no results, rat out the source and its immediate
> upstreams to the whole membership.
>
> | and the offending party will announce 32 /23s.. what will this solve?
>
> Great, so we know that the offending party is not only deliberately
> announcing bogus data into the routing system, but actually _disrupting_
> it. This is what real-life police are for.
>
perhaps this example was a little disingenuous on my part.. perhaps a
better example would be: what happens when people just announce 32 /23s
instead of 2 /19s to make it harder to blackhole... indeed, if people
are announcing the /23s right off the bat, it's harder to prove that
they are being malicious (tho it might not be as hard to prove that
they're idiots :-)..
> Sean.
On Fri, Feb 16, 2001 at 03:46:29PM +0100, Daniel Karrenberg wrote:
>
> In principle this is a good idea. However I suspect that the effort involved
> in getting to the right people at the announcing AS and/or their up-stream
> peers is "not negligible". So this can easily become a serious effort.
>
i agree, as the "right people" in this case would not only have to be good
network engineers, but also good at communicating with others AND relatively
immune to politics....
> As a person somehow connected to the registry system ;-) I would be interested
> to hear privately from ISPs whether they would like such a service and
> -more importantly- whether they would be prepared to put procedures in place
> by which the registries can reliably reach knowledgeable routing engineers
> that have the task of tracking down such problems as well as the resources and
> authority to do so.
>
i think for something like this to work well, it would have to be somewhat
separate from the individual registries...
> Daniel
michael
--
e: michael at ele-mental.org c: +1.614.260.6716 u: www.ele-mental.org
Wir fahr'n fahr'n fahr'n auf der Autobahn