BellSouth prefix deaggregation (was: as6198 aggregation event)
Haesu
haesu at towardex.com
Sun Oct 12 19:11:59 UTC 2003
The idea is to not filter just /24's.
The idea is to work with people who run cidr-report.org (may be.. or other people who are willing to coop), and find an ASNs who advertise a lots of irresponsible deaggregates.
As you can see, cidr-report only shows deaggregation for the prefixes that an AS _specifically_ _originates_. It does not show /24's out of downstream ASes, so it is safe.
Basically there would need to be some sort of monitoring process to review the cidr-report regularly to keep a close watch on irresponsible providers, and generate route-set filter against them until they aggregate themselves.
-hc
--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu at towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | POC: HAESU-ARIN
On Sun, Oct 12, 2003 at 03:07:46PM -0400, McBurnett, Jim wrote:
>
> >
> > IMHO, I think we should create a route-set obj like call
> > it... RS-DEAGGREGATES and list all the major irresponsible
> > providers's specific /24's in it...
>
> CASE: Business has a /24 from X provider in order to multihome.
> That /24 is de-aggregated from a /19, with this policy that
> /24 may not be routed.
>
> possible exception: When 2002-3 get passed by ARIN, this could even take
> on new meaning. ARIN says they will use a single /8 for the handing
> out of /22-/24 for multihoming end users. will you then filter those
> /24's also?
>
> Also:
> What happens when that /24 for Business Y noted above is dual routed
> by ISP A and ISP B, and ISP A's upstream filters but ISP B's does not?
> Will there be asymmetric routing?
>
>
> Finally:
> Can anyone from BellSouth, explain the end goal of the de-aggregation?
>
> I suspect with 40 + ASs they may be rebuilding their network with a
> recently announced list of new IP services and DSL growth as asked for
> under the Federal government Rural DSL regulations... (I'm not trying to defend
> them, just giving some possibilities)
>
> > So some ASes who wish to not accept deaggregated specifics
> > using RPSL can update their AS import policy to not import
> > RS-DEAGGREGATES...
>
>
> >
> > Just my humble opinion.. Comments/critics welcome :)
> >
> > -hc
> >
> > --
> > Haesu C.
> > TowardEX Technologies, Inc.
> > Consulting, colocation, web hosting, network design and implementation
> > http://www.towardex.com | haesu at towardex.com
> > Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
> > Fax: (978)263-0033 | POC: HAESU-ARIN
> >
> >
> > On Sun, Oct 12, 2003 at 11:26:49AM -0400, Jared Mauch wrote:
> > >
> > > On Sun, Oct 12, 2003 at 01:02:57PM +0000, Stephen J. Wilcox wrote:
> > > >
> > > > > Can anyone from BellSouth comment? What if a few other
> > major ISPs were
> > > > > to add a thousand or so deaggregated routes in a few
> > weeks time? Would
> > > > > there be a greater impact?
> > > >
> > > > one word - irresponsible
> > >
> > > This clearly stands out to me as a reason to keep and use
> > > prefix filtering on peers to reduce the amount of junk in
> > the routing
> > > tables. If bellsouth needs to leak more specifics for load
> > balancing
> > > purposes, fine, just make sure those routes don't leave
> > your upstreams
> > > networks and waste router memory for the rest of us that
> > don't need to
> > > see it.
> > >
> > > - Jared
> > >
> > > > > (Note: The above numbers are based on data from
> > cidr-report.org. Some
> > > > > other looking glasses were also checked to see if
> > cidr-report.org's view
> > > > > of these AS's is consistent with the Internet as a
> > whole. This appears
> > > > > to be the case, but corrections are welcome.)
> > > > >
> > > > > -Terry
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On
> > > > > > Behalf Of Terry Baranski
> > > > > > Sent: Sunday, October 05, 2003 3:01 PM
> > > > > > To: 'James Cowie'; nanog at merit.edu
> > > > > > Subject: RE: as6198 aggregation event
> > > > > >
> > > > > >
> > > > > >
> > > > > > James Cowie wrote:
> > > > > >
> > > > > > > On Friday, we noted with some interest the
> > appearance of more
> > > > > > > than six hundred deaggregated /24s into the global routing
> > > > > > > tables. More unusually, they're still in there
> > this morning.
> > > > > > >
> > > > > > > AS6198 (BellSouth Miami) seems to have been
> > patiently injecting
> > > > > > > them over the course of several hours, between
> > about 04:00 GMT
> > > > > > > and 08:00 GMT on Friday morning (3 Oct 2003).
> > > > > >
> > > > > > If you look at the 09/19 and 09/26 CIDR Reports,
> > BellSouth Atlanta
> > > > > > (AS6197) did something similar during this time
> > period -- they added
> > > > > > about 350 deaggregated prefixes, most if not all /24's.
> > > > > >
> > > > > > > Usually when we see deaggregations, they hit
> > quickly and they
> > > > > > > disappear quickly; nice sharp vertical jumps in the
> > table size.
> > > > > > > This event lasted for hours and, more importantly,
> > the prefixes
> > > > > > > haven't come back out again, an unusual pattern for
> > a single-origin
> > > > > > > change that effectively expanded global tables by
> > half a percent.
> > > > > >
> > > > > > That AS6197's additions are still present isn't encouraging.
> > > > > >
> > > > > > -Terry
> > > > > >
> > > > >
> > > > >
> > >
> > > --
> > > Jared Mauch | pgp key available via finger from
> > jared at puck.nether.net
> > > clue++; | http://puck.nether.net/~jared/ My
> > statements are only mine.
> >
> >
More information about the NANOG
mailing list