Suspecious anycast prefixes
danny at tcb.net
Thu May 5 12:59:00 UTC 2011
On May 3, 2011, at 6:17 AM, Bill Woodcock wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On May 2, 2011, at 12:35 PM, Joe Abley wrote:
>> It's perhaps worth noting that there is work in the IETF to recommend that every prefix originated as part of an anycast cloud uses a unique origin AS (see <http://tools.ietf.org/html/draft-ietf-grow-unique-origin-as-00>). I'm not personally convinced of the arguments in the draft, but mentioning it in this thread seems reasonable.
> I'm also not convinced of the arguments in the draft, since it argues that it would be a best-practice
'A', not 'the', for the reasons conveyed in the draft (e.g., control
plane discriminator, RPKI foundations, etc..). If you don't like it,
don't do it, it's certainly easier to not do it.
> for me to originate my address space from more than 8,000 different ASNs,
8000 is a very large number.
> when I currently do just fine advertising it from three.
"You" as a service operator do just fine, and it's surely much
simpler from a configuration and provisioning standpoint. But
what about those folks that consume the service, and have no
indication of which node they may be utilizing from an Internet
control plane perspective, or all the associated derivatives?
> I'd much rather there not exist a document that clueless people can point at and claim is a "best common practice" when it's neither best nor common.
'clueless people' wouldn't care which node they utilize, where
it resides, or what other attributes might exist and be associated
with it. Providing a discriminator in the control plane for the
consumer of critical network services might well be of utility to
More information about the NANOG