The Gorgon's Knot. Was: Re: Verio Peering Question
E.B. Dreger
eddy+public+spam at noc.everquick.net
Sat Sep 29 01:32:00 UTC 2001
> Date: Fri, 28 Sep 2001 17:30:15 -0700 (PDT)
> From: Sean M. Doran <smd at clock.org>
[ snip ]
> | + The whole Internet with as much reliability as possible?
>
> if #3 then what's the problem with:
>
> ip as-path access-list 1 permit _badguy_
>
> route-map fix-badguy permit 10
> descr proxy-aggregate the networks who are "holey"
> match as-path 1
>
> router bgp my-as
> aggregate-address bad.guy.blo.ck1 255.255.224.0 as-set suppress-map fix-badguy
> aggregate-address bad.guy.blo.ck2 255.255.224.0 as-set suppress-map fix-badguy
> ...
And one aggregates a lone /24 with what? Again, my point (and I
believe Patrick's) is that there are valid reasons for an entity
without a PI /20 to multihome. Filter the /24s, and we have a
problem.
Of course, I guess that AT&T, PSI, BBN, etc. can save their
multihomed downstreams from certain filtration by... allocating
more IP space in 60/8 through 66/8, or from "class C" space. How
efficient.
> So, rather than make a subtle change that some backwards ISPs never
> even noticed, a more forceful change (filtering) was made, and everyone
> noticed that, but more because of the continuing bad PR about how evil
> and rapacious it was to filter in the first place.
*sigh*
Maybe I need to use more emoticons. The part where I said that
filtering is a good thing -- _to a certain extent_ -- was
serious...
> | Maybe I'll filter anything longer than a /8...
>
> Please do, and tell us what you CAN'T reach after you throw
> away all the longer prefixes, and if you care after you
> install a default or proxy-aggregate, or whatnot to try to
> retain connectivity to those "extraneous info" destinations.
...and I _certainly_ hope that nobody believed me on this one.
Filtering longer than /8 is clearly stupid. Filtering /32 is
clearly a good thing. Now, where do we draw the line?
Do we filter multihomed /24s? I vote that's unacceptable. As
Patrick pointed out... if _all_ major carriers filtered _all_
/24 adverts, one would essentially be single-homed to one's IP
space provider.
Back to "route to the whole Internet with as much reliability as
possible". I contend that someone purchasing bandwidth wants to
maximize reliability to _all_ of the Internet. Someone selling
bandwidth should deliver.
I offer the overused example of AS11643... they're just basement
multihomers with /24, /23, and /22 prefixes. Clearly those
adverts deserve to be filtered. *waves big sign stating "sarcasm
here"*
If EXDS routing were fscked, how does one reach 216.32.120/24?
Assume for the sake of this discussion that one cannot hear /24s
via 701, 1239, or 6461. [How much is eBay paying XO to carry its
longer prefixes?]
So: Where do we draw the line on filtering?
Eddy
---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT
send mail to <blacklist at brics.com>, or you are likely to be blocked.
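Added example, not part of the original message or written by either poster: a small Python model of what a prefix-length filter does to reachability, covering both the lone /24 that has nothing to aggregate with and the multihomed /24 that falls back to its space provider's aggregate. All prefixes are constructed for illustration, and the model assumes the filtering network carries no default route.

```python
import ipaddress

# Constructed announcements (illustrative, not taken from the message).
ANNOUNCED = [
    "10.16.0.0/12",    # space provider's aggregate
    "10.20.30.0/24",   # multihomed customer /24 carved from that aggregate
    "192.0.2.0/24",    # lone /24 with no covering aggregate
    "172.16.0.0/20",   # provider-independent /20
]

def classify(prefixes, max_len):
    """Return {prefix: outcome} as seen by a network that drops every
    announcement longer than max_len and has no default route."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    kept = [n for n in nets if n.prefixlen <= max_len]
    outcome = {}
    for n in nets:
        if n.prefixlen <= max_len:
            outcome[str(n)] = "accepted"
            continue
        # A filtered prefix stays reachable only through a surviving cover.
        covers = [k for k in kept if n.subnet_of(k)]
        if covers:
            best = max(covers, key=lambda k: k.prefixlen)
            outcome[str(n)] = f"via aggregate {best}"
        else:
            outcome[str(n)] = "unreachable"
    return outcome

if __name__ == "__main__":
    for limit in (24, 20):
        print(f"filter: drop longer than /{limit}")
        for prefix, result in classify(ANNOUNCED, limit).items():
            print(f"  {prefix:18} {result}")
```

With the /20 limit, the multihomed /24 is reachable only through the provider aggregate, so its second upstream no longer helps from the filtering network's point of view, and the lone /24 has no route at all.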