Deaggregating for emergency purposes

Phil Rosenthal pr at isprime.com
Tue Aug 6 18:07:13 UTC 2002 

IRR pollution helps because all of *MY* uplinks filter, even if theirs
don't.
--Phil

-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
nanog at missnglnk.com
Sent: Tuesday, August 06, 2002 1:57 PM
To: nanog at merit.edu
Subject: Re: Deaggregating for emergency purposes



On Tue, Aug 06, 2002 at 01:29:58PM -0400, Phil Rosenthal wrote:
> 
> Most ISPs that build off of the IRR's do it nightly.  I am talking 
> about 10 /24's out of /19, and I'm not announcing any of the /24's -- 
> and wont unless there is an emergency, and only then would it be 
> temporary.

Yes, and during that time, you could have:
a) Gone to CompUSA and bought some translation software.
b) Installed Windows and Office XP.
c) E-mailed some friends in fluid Spanish/German/Italian.
d) Bought a $10 international calling card.
e) Gone back to CompUSA and bought some text to speech software.
f) Put it all together in an e-mail to the ISP's upstreams,
   and blasted the NOC's phone with a translated message of
   "Stop announcing 192.168.0.0/16, it is my space".

And once again, if the ISPs in question receiving the routes actually
filtered based on IRR data, the route would not have made it in the
first place, correct? So how is IRR pollution going to help this if
there's no IRR filtering policy to begin with?

> --Phil
> 
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf 
> Of Omachonu Ogali
> Sent: Tuesday, August 06, 2002 4:00 AM
> To: nanog at merit.edu
> Subject: Re: Deaggregating for emergency purposes
> 
> 
> 
> What about announcing and registering with your IRR, more-specific 
> routes for the period that the problem ONLY exists, instead of being 
> lazy?
> 
> If all else fails, break out Outlook and your favorite translator, 
> because last time I checked, speaking English was not a requirement to

> run a network. Even if most of you do, this is not a "Majority Rules" 
> situation.
> 
> On Mon, Aug 05, 2002 at 10:47:33PM -0700, john at chagresventures.com
> wrote:
> > 
> > get on the bandwaggon that filtering is a good thing ?? :)
> > 
> > at some point some transit is going to listen and drop the
> > announcement.
> > 
> > Lets take an example.  Deep Dark middle of asia, someone starts
> > announcing a /24 of yours.  Their upstream takes the packet, and so 
> > forth.  At some point they will touch a NSP or ISP (international 
> > service provider) and you can get things dropped their.
> 
> Yes. End of story. Go directly to the finish diamond at the end of 
> your flowchart. If the next step in your flowchart is "pollute IRRs 
> with 3592375238957235893275839572 /32s", please return your maintainer

> object.
>  
> > Your pushing out a /24 will help slurp some of the traffic towards
> > you, but not all.
> > 
> > Personally I have deagged some prefixes to cause a DOS/DDOS towards 
> > a particular address to route down a slow connection I had.  
> > Sacrifice one link, to keep customers running on the others.  But 
> > thats
> different.
> 
> Yes, but you removed it later on, correct?
>  
> > Its about networking, the people kind, at this point.
> > 
> > cheers
> > 
> > john brown
> > chagres technologies, inc
> > 
> > On Mon, Aug 05, 2002 at 09:00:55PM -0400, Phil Rosenthal wrote:
> > > 
> > > But the question is, what do you do if it's coming from somewhere
> > > with a difficult to contact NOC, and their upstream is difficult
to 
> > > contact as well?
> > > 
> > > --Phil
> > > 
> > > -----Original Message-----
> > > From: John M. Brown [mailto:jmbrown at ihighway.net]
> > > Sent: Monday, August 05, 2002 8:12 PM
> > > To: Phil Rosenthal
> > > Cc: nanog at merit.edu
> > > Subject: Re: Deaggregating for emergency purposes
> > > 
> > > 
> > > Hmm, this would be a "Bad Idea" (TM) (C) 2002, DMCA Protected
> > > 
> > > Having had this happen to me several different times, I'd have to 
> > > recommend, calling the NOC of the advertising party. as the pref'd
> way
> > > of handling it.
> > > 
> > > On Mon, Aug 05, 2002 at 06:41:22PM -0400, Phil Rosenthal wrote:
> > > > 
> > > > I am currently announcing only my aggregate routes, but I have
> > > > lately
> > > > thought about the possibility of someone mistakenly, or
> maliciously,
> > > > announcing more specifics from my space. The best solution for 
> > > > an
> > > > emergency response to that (that I can think of), is registering
> all
> > > > of the /24's that make up my network, so if someone should
> announce a
> > > > more-specific, I can always announce the most specific that 
> > > > would
> be
> > > > accepted (assuming they don't announce the /24's too, it should 
> > > > be
> a
> > > > problem avoided)
> > > > 
> > > > Does anyone else have any other ideas on ways to quickly deal 
> > > > with someone else announcing your more specifics, since 
> > > > contacting
> their
> > > > NOC is likely going to take a long time...
> > > > 
> > > > --Phil
> > > > 
> > > 
> 
> --
> Omachonu Ogali
> missnglnk at informationwave.net
> http://www.informationwave.net
> 

-- 
Omachonu Ogali
missnglnk at informationwave.net
http://www.informationwave.net

More information about the NANOG mailing list