69/8...this sucks

Joe Boyce jboyce at shasta.com
Tue Mar 11 18:06:54 UTC 2003




Monday, March 10, 2003, 7:44:43 PM, you wrote:

H> Well... I am pretty sure Tier1 backbones are up-to-date on the bogon
H> filters :-)
H> As we've already discussed, it's really the smaller networks with outdated
H> bogons or with admins who don't know what they are doing..

Bingo.  No silly BGP feed will fix this problem.  The problem is
all of the small customer networks that have been set up where the
admin at the time installed a slick firewall using what was then
current information and then walked away.

I only see three ways to deal with this issue:

1.  Contact each customer net that we find that is filtering on
outdated information.  I'm sure only the operators that have been
assigned 69/8 space will start doing this (and have), since we are in
fact responding to customer complaints.  This process should be
complete in say, oh, ten years or so.  That should give us enough time
to track them all down.

Oh while we are at that, we might want to contact every operator of
websites that are displaying "sample" firewalls using ipchains,
iptables or ipfw that show 69/8 as a bogon network.  We'll need to get
them to change those webpages to show correct information.  I mean,
why have that information out there so some other clueless admin can
simply start a fresh problem for us.  I figure a couple of years to
fix this too.

2.  Find a way to break all of those customers' networks that filter
69/8 so that the response time to fix it is much less than the time
to contact each and every operator.  The only way to do that is to
move something like the root servers into this space.  Yes it's crazy
but it's the only way to break smaller networks.  But once joe sixpack
wonders why he can't get to Yahoo this morning and calls his
consultant, the problem would be resolved a lot faster than it will
take us to track them down and do option 1.

3.  Have us 69/8 address assignees simply live with the problem and
stop complaining in forums such as this.  We're the ones dealing with
the end user complaints about lost connectivity to sites once we've
renumbered a link into this range.  This goes back to option number
1, we'll simply bite the bullet and live with the problem and fix them
as we find them.

I'll admit, I run a small network and was quite happy to receive my
first ARIN assignment some months ago.  I wasn't so happy to find out
that once I renumbered our internal office workstations into this
range I had complaints from other employees about sites they could not
reach (starting with *.ca.gov).  I haven't even put one customer net
into this new range yet and I've already reacted to a couple of dozen
problems that less than 20 employees have found.  I'm honestly scared
to death about renumbering all of my customers now.

H> I think we are just going around the circle/preaching to the choir on the
H> same topic here.. Is this like what... 3rd time we are discussing
H> this whole 69/8 issue :-D? Really, someone needs to get out this 69/8
H> issue on the press.. Just a thought.. heh

I had an email sent to me from a writer from circleid.com (Joe
Baptista) back in late December regarding this issue when the problem
first popped up on Nanog.  As far as I can remember he was going to
write up an article on this situation.  I have no idea what became of
that.

Regards,

Joe Boyce
---
InterStar, Inc. - Shasta.com Internet
Phone: +1 (530) 224-6866 x105
Email: jboyce at shasta.com
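
An added example, not part of the original message: a small audit that flags blocking rules in `iptables-save` output whose source or destination overlaps address space that has since been allocated, which is the stale-filter condition the message describes. The ruleset is constructed sample data, and the `ALLOCATED` list is an assumption holding only the 69/8 block named in this thread.

```python
import ipaddress
import shlex

# Assumption: only 69.0.0.0/8 comes from the thread; a real audit would load
# the current IANA IPv4 registry rather than a hard-coded list.
ALLOCATED = [ipaddress.ip_network("69.0.0.0/8")]
BLOCKING = {"DROP", "REJECT"}
ADDR_FLAGS = {"-s", "--source", "-d", "--destination"}

# Constructed sample of `iptables-save` output (not taken from a real host).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 10.0.0.0/8 -i eth0 -j DROP
-A INPUT -s 69.0.0.0/8 -i eth0 -j DROP
-A INPUT -s 68.0.0.0/7 -i eth0 -j REJECT
-A INPUT -s 69.12.0.0/16 -j LOG
-A INPUT -s 192.168.0.0/16 -i eth0 -j DROP
-A FORWARD -d 69.64.0.0/10 -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""

def stale_bogon_rules(ruleset, allocated=ALLOCATED):
    """Return (line, chain, prefix, target) for blocking rules that overlap allocated space."""
    findings = []
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A" or "-j" not in tokens[:-1]:
            continue
        target = tokens[tokens.index("-j") + 1]
        if target not in BLOCKING:
            continue
        for i, tok in enumerate(tokens[:-1]):
            # Negated matches ("! -s x") block everything except x, so skip them.
            if tok not in ADDR_FLAGS or tokens[i - 1] == "!":
                continue
            try:
                net = ipaddress.ip_network(tokens[i + 1], strict=False)
            except ValueError:
                continue  # not an IP prefix (e.g. a hostname)
            # overlaps() also catches wider (68.0.0.0/7) and narrower (69.64.0.0/10) prefixes.
            if any(net.overlaps(a) for a in allocated):
                findings.append((lineno, tokens[1], str(net), target))
    return findings

if __name__ == "__main__":
    for lineno, chain, prefix, target in stale_bogon_rules(SAMPLE_RULES):
        print(f"line {lineno}: {chain} {target} {prefix} overlaps allocated space")
```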



