The Gorgon's Knot. Was: Re: Verio Peering Question

E.B. Dreger eddy+public+spam at noc.everquick.net
Sat Sep 29 01:32:00 UTC 2001


> Date: Fri, 28 Sep 2001 17:30:15 -0700 (PDT)
> From: Sean M. Doran <smd at clock.org>

[ snip ]

> | + The whole Internet with as much reliability as possible?
> 
> if #3 then what's the problem with:
> 
> 	ip as-path access-list 1 permit _badguy_
> 	
> 	route-map fix-badguy permit 10
> 	 descr proxy-aggregate the networks who are "holey"
> 	 match as-path 1
> 	
> 	router bgp my-as
> 	 aggregate-address bad.guy.blo.ck1 255.255.224.0 as-set suppress-map fix-badguy
> 	 aggregate-address bad.guy.blo.ck2 255.255.224.0 as-set suppress-map fix-badguy
> 	 ...

And one aggregates a lone /24 with what?  Again, my point (and I
believe Patrick's) is that there are valid reasons for an entity
without a PI /20 to multihome.  Filter the /24s, and we have a
problem.

Of course, I guess that AT&T, PSI, BBN, etc. can save their
multihomed downstreams from certain filtration by... allocating
more IP space in 60/8 through 66/8, or from "class C" space.  How
efficient.

> So, rather than make a subtle change that some backwards ISPs never
> even noticed, a more forceful change (filtering) was made, and everyone
> noticed that, but more because of the continuing bad PR about how evil
> and rapacious it was to filter in the first place.

*sigh*

Maybe I need to use more emoticons.  The part where I said that
filtering is a good thing -- _to a certain extent_ -- was
serious...

> | Maybe I'll filter anything longer than a /8...
> 
> Please do, and tell us what you CAN'T reach after you throw
> away all the longer prefixes, and if you care after you 
> install a default or proxy-aggregate, or whatnot to try to
> retain connectivity to those "extraneous info" destinations.

...and I _certainly_ hope that nobody believed me on this one.
Filtering longer than /8 is clearly stupid.  Filtering /32 is
clearly a good thing.  Now, where do we draw the line?

Do we filter multihomed /24s?  I vote that's unacceptable.  As
Patrick pointed out... if _all_ major carriers filtered _all_
/24 adverts, one would essentially be single-homed to one's IP
space provider.

Back to "route to the whole Internet with as much reliability as
possible".  I contend that someone purchasing bandwidth wants to
maximize reliability to _all_ of the Internet.  Someone selling
bandwidth should deliver.

I offer the overused example of AS11643... they're just basement
multihomers with /24, /23, and /22 prefixes.  Clearly those
adverts deserve to be filtered. *waves big sign stating "sarcasm
here"*

If EXDS routing were fscked, how does one reach 216.32.120/24?
Assume for the sake of this discussion that one cannot hear /24s
via 701, 1239, or 6461.  [How much is eBay paying XO to carry its
longer prefixes?]

So:  Where do we draw the line on filtering?


Eddy

---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist at brics.com>, or you are likely to be blocked.
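An added illustration, not part of the original message: the sketch below applies a "drop anything longer than /N" policy to a small route table and reports, for each filtered prefix, whether it stays reachable through an accepted covering aggregate (and whose) or drops out entirely. The prefixes, AS numbers and the function name `apply_length_filter` are constructed for this example.

```python
import ipaddress

# Constructed sample table of (prefix, origin AS); none of these values
# come from the thread.
ROUTES = [
    ("10.16.0.0/19", 64500),  # provider aggregate
    ("10.16.4.0/24", 64510),  # multihomed customer numbered from that aggregate
    ("10.99.1.0/24", 64520),  # lone /24 with no covering aggregate
    ("10.16.4.7/32", 64510),  # host route leaked by the customer
]

def apply_length_filter(routes, max_len):
    """Classify every prefix under a 'drop longer than /max_len' policy.

    Returns {prefix: (status, asn)} where status is:
      accepted       the announcement itself passes the filter
      via-aggregate  filtered, but an accepted less-specific still covers it;
                     asn is the origin of that covering route
      unreachable    filtered and nothing accepted covers it
    """
    nets = [(ipaddress.ip_network(p), asn) for p, asn in routes]
    accepted = [(n, a) for n, a in nets if n.prefixlen <= max_len]
    result = {}
    for net, asn in nets:
        if net.prefixlen <= max_len:
            result[str(net)] = ("accepted", asn)
            continue
        covers = [(n, a) for n, a in accepted if net.subnet_of(n)]
        if covers:
            # Traffic follows the longest accepted match.
            _, cover_asn = max(covers, key=lambda c: c[0].prefixlen)
            result[str(net)] = ("via-aggregate", cover_asn)
        else:
            result[str(net)] = ("unreachable", None)
    return result

if __name__ == "__main__":
    for limit in (23, 24):
        print(f"filter: drop longer than /{limit}")
        for prefix, (status, asn) in apply_length_filter(ROUTES, limit).items():
            print(f"  {prefix:<16} {status:<14} {asn}")
```

With the limit at /23 the multihomed /24 is only reachable through the provider's /19 and the lone /24 disappears; at /24 only the /32 is dropped, and it is still covered by its own /24.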



