verio arrogance
Jared Mauch
jared at puck.Nether.net
Fri Jul 19 04:25:09 UTC 2002
On Thu, Jul 18, 2002 at 11:54:30PM -0400, David Diaz wrote:
> Is there any need to keep the routing table to a smaller size. Since
> in theory, it creates suboptimal routing. And considering the new
> routers out there today should be able to handle it. Considering
> verio is using junipers, and they pride themselves on handling a
> tremendously large table. Why should we shoot for a 100,000 route
> table instead of 500,000 if it does not impact performance?
When you are talking about BGP reconvergence when a router
crashes (oh wait, they would never crash ;-) or is upgraded it takes
a lot longer to advertise 500k routes than 100k routes. Even
with a really-fast processor it obviously takes more time to do
route lookup in doing best-path computations with 100+ ibgp
peers.
Then you start to talk about the memory footprint of 500k
prefixes, once you start to include received-side communities
as well as your new communities you've tagged on. With
route-refresh it's not that bad, but with soft-reconfiguration enabled
it may cause a bit more memory to be used.
> I do understand that the 100,000 might be that actual 'installed best
> routes' and that the routers might in fact be dealing with a much
> larger route table. That might be an issue. But certainly 100,000-
> 500,000 installed routes, is that a problem for large backbones with
> high end routers?
If you venture a guess and say that most "large" networks
originate about 5% of the 100k prefixes must be advertised (see
peering discussion about minimum routes to advertise awhile back)
that number of prefixes is increased to 25k prefixes. Then if you
prefix-filter your customers, you're talking about 5X increased
nvram/config requirements.
> My only consideration might be the small multihomed ISPs with 2-3
> providers with full BGP feeds and cisco 4000s (256meg ram). I saw
> one last week. I might be concerned at that level.
"back in the day when full routes would fit in 64m ram".
Obviously the smaller providers have a bit more of a challenge as
they tend to not have support contracts, and it can be a bit
tougher to justify router memory.
> I'd love to hear feedback. It would then justify filtering...or not.
Think about the "7007" and other cases whereby someone
announces a large set of routes they should not be.
There have been numerous cases of this in the past and as
long as it's possible to easily leak routes incorrectly due to
not filtering customers closely, etc. it will continue to happen.
- jared
>
> David
>
>
>
>
> At 21:37 -0400 7/18/02, Phil Rosenthal wrote:
> >How is it arrogant?
> >I read that as: a customer set up an exploitable FormMail. Verio
> >received notice about it. Verio removed the FormMail in question. Verio
> >asked to be removed since they corrected the problem. Verio was ignored.
> >
> >Verio may have some problems with not terminating spammers, and I
> >believe this to be the truth -- I buy from verio, and Don't spam, and
> >whenever one of my clients spam, they get terminated for it. I receive
> >plenty of spam from verio ips, and no matter how much I complain, it
> >never gets terminated. This is probably a scenario of asking sales rep
> >"If I want to spam, but I pay more per meg -- Is this OK?" and getting
> >a positive answer.
> >
> >That is why the NANAE people don't like verio. But, nonetheless, I
> >don't think that putting verio's mailserver on a formmail list is
> >accomplishing anything good, since they fixed THAT problem...
> >
> >--Phil
> >
> >-----Original Message-----
> >From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> >Kai Schlichting
> >Sent: Thursday, July 18, 2002 6:37 PM
> >To: nanog at merit.edu
> >Cc: Kai Schlichting
> >Subject: Re: verio arrogance
> >
> >
> >
> >How's THIS for Verio arrogance, going to a whole new level:
> >
> >http://www.monkeys.com/anti-spam/filtering/verio-demand.ps
> >
> >Details were on the SPAM-L list Wed, 17 Jul 2002 15:51:05 EDT: Verio
> >threatens to sue Ron Guilmette over the IP 208.55.91.59 appearing on his
> >FormMail.pl open-proxy/formmail server DNSBL.
> >
> >And given the ever-increasing number of spammers now hopping onto Verio
> >tells me that Verio must be well down the spiral of death (spammers seem
> >to be attracted by NSP's going chapter 7/11, or who are getting close),
> >or else the dozen-or-so automated messages going to abuse at verio.net
> >every week complaining about connections (real or attempted) to hosts
> >under my control, and originating from their spamming customers would
> >have shown any results over time.
> >
> >I don't need connectivity to 208.55.0.0/16. I really don't, and I have
> >not the slightest tolerance for litigious, small-minded,
> >panic-lawyer-dialling scum like this.
> >
> >/etc/mail$ grep 208.55 access.local
> >208.55 550 Access for FormMail spam and litigious scum
> >denied - XXXX Verio in their XXXXXXXX XXX - we block more than just
> >208.55.91.59 - Spammers must die - see
> >http://www.monkeys.com/anti-spam/filtering/verio-demand.ps
> >/etc/mail$
> >
> >PS: I also have zero tolerance for Nadine-type spam-generating,
> >"single-opt-in",
> > "87% permission-based" emailers nowadays: 2 bounces or a single mail
> >to a
> > never-existing account, and all your /24's are off into gated.conf as
> >a
> > next-hop route to 127.0.0.1. And no, they won't get around that by
> >advertising
> > /25's.
> >
> >Good-bye route-prefix-filtering wars, and welcome to the war on spam,
> >where Null0'd /28's for filtering 'undesirables' just doesn't cut it any
> >more. Casualties like 10-15 bystanding rackspace.com customers with a
> >"Nadine- type" mailer in neighboring IP space be damned: "move your
> >servers into a different slum, cause da landlord's running down 'da
> >neighborhood".
> >
> >--
> >"Just say No" to Spam Kai
> >Schlichting
> >New York, Palo Alto, You name it Sophisticated Technical
> >Peon
> >Kai's SpamShield <tm> is FREE!
> >http://www.SpamShield.org
> >|
> >| |
> >LeasedLines-FrameRelay-IPLs-ISDN-PPP-Cisco-Consulting-VoiceFax-Data-Muxe
> >s
> >WorldWideWebAnything-Intranets-NetAdmin-UnixAdmin-Security-ReallyHardMat
> >h
>
> --
>
> David Diaz
> dave at smoton.net [Email]
> pagedave at smoton.net [Pager]
> Smotons (Smart Photons) trump dumb photons
>
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
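
The customer prefix filtering and route-leak concern raised in the reply above, sketched as an added example that is not part of the original message and not any router's implementation. The allowed-prefix list, the max-prefix value and the announced routes are constructed; `check_announcements` and `constructed_leak` are hypothetical names.

```python
import ipaddress

# Constructed sample policy: prefixes a hypothetical customer may announce,
# each with the longest mask length accepted (like "le" in a prefix-list).
CUSTOMER_ALLOWED = [("10.10.0.0/16", 24), ("192.0.2.0/24", 24)]
MAX_PREFIX = 10  # assumed per-session limit for this example


def check_announcements(allowed, announced, max_prefix):
    """Split announcements into accepted/rejected and apply a max-prefix limit.

    A route is accepted only if it falls inside an allowed prefix and its mask
    is no longer than that entry's limit. In this example the limit is checked
    against the number of routes received, before filtering, so a leak trips
    it even when every leaked route is also rejected by the filter.
    """
    policy = [(ipaddress.ip_network(p), le) for p, le in allowed]
    accepted, rejected = [], []
    for text in announced:
        net = ipaddress.ip_network(text)
        ok = any(
            net.version == base.version
            and net.subnet_of(base)
            and net.prefixlen <= le
            for base, le in policy
        )
        (accepted if ok else rejected).append(text)
    return {
        "accepted": accepted,
        "rejected": rejected,
        "limit_exceeded": len(announced) > max_prefix,
    }


def constructed_leak():
    """Constructed input: two legitimate routes, 16 leaked /24s, one over-long route."""
    legit = ["10.10.0.0/16", "10.10.5.0/24"]
    leaked = [f"172.16.{i}.0/24" for i in range(16)]
    too_specific = ["10.10.5.128/25"]  # inside the aggregate but longer than /24
    return legit + leaked + too_specific


if __name__ == "__main__":
    result = check_announcements(CUSTOMER_ALLOWED, constructed_leak(), MAX_PREFIX)
    print(len(result["accepted"]), "accepted,", len(result["rejected"]), "rejected")
    print("max-prefix limit exceeded:", result["limit_exceeded"])
```
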