72/8 friendly reminder
jlewis at lewis.org
Thu Mar 24 16:42:06 UTC 2005
On Thu, 24 Mar 2005, Christopher L. Morrow wrote:
> > > > is arin the problem here? or are 'lazy'/'dumb'/'mistaken'/'poorly
> > > > informed' admins the problem?
> > >
> > >Lazy/misguided/ex admins / downsized networks are the problem. ARIN is in
> > >a unique position to be able to do something to at least try to mitigate
> > >the problem without too much effort before handing "damaged IP space" out
> > >to members. The current situation frustrates those who don't know what to
> > >do, and encourages them to look elsewhere for the IP space they need.
> > I think it's important to remember the "lazy/dumb/mistaken/poorly informed"
> > folk alluded to above are NOT the ones receiving IP address space, but
> > people elsewhere in (and all over) the world.
> of course, I should have been more clear, sorry :)
That was totally clear to me. It's the people who set and forget about
(or set and get laid off) bogon packet/route filters that have caused this
problem. The unfortunate thing is that they don't seem to learn from
their mistakes. Each time a new /8 goes from bogon to RIR assigned, the
end users of those new allocations end up dealing with the same problems
each former bogon /8 did before them. How many times does a network have
to be contacted by users of 69/8, 70/8, 71/8, before they stop and think
"hey, maybe these static bogon filters weren't such a great idea...how
about we just scrap them?"...or maybe its just that new static bogon
filters are being put in place and forgotten...so a network that didn't
have bogon filters when 69/8 went into use does now.
> > The idea of ARIN temporarily lighting address space in any new block, and
> > providing a test target is reasonable, relatively inexpensive and sensible.
> this requires the above lazy/dumb/mistaken/poorly-informed masses to want
> to hit the targets as well, eh? :(
Exactly why even though it may help a little, it's not a solution. The
solution has to be more active (vs passive). Setup something in that new
IP space, and do reachability testing (or let others do it as RIPE has
done). That's quite a bit more involved than just setting up a host and
saying "hey, ping this", but how else are you going to know where the
filters are? If ARIN did this, they could setup something very similar to
what I did on 69box, and have a "hall of shame" page listing the networks
(IPs) unreachable from the new space, but reachable from older space. At
least then members given former bogon IP blocks could go to that page, see
if there are any networks listed that they might care about reachability
to, and try to make contact themselves with those networks they care
about in order to get their bogon issues resolved.
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the NANOG