We hit half-million: The Cidr Report

Patrick W. Gilmore patrick at ianai.net
Wed Apr 30 14:54:34 UTC 2014


On Apr 30, 2014, at 09:15 , Jérôme Nicolle <jerome at ceriz.fr> wrote:
> On 29/04/2014 04:39, Valdis.Kletnieks at vt.edu wrote:

> > Do we have a handle on what percent of the de-aggrs are legitimate
> > attempts at TE, and what percent are just whoopsies that should be
> > re-aggregated?
> 
> Deaggs can "legitimately" occur for a different purpose: hijack
> prevention (Pilosov & Kapela style).
> 
> It's fairly easy to punch a hole in a larger prefix, but winning the
> reachability race while unable to propagate a more specific prefix
> significantly increases hijacking costs.

Excellent point, Jérôme.

Let's make sure nothing is hijack-able. Quick, let's de-agg -everything- to /24s. Everyone's routers can sustain > 10 million prefixes per full table, right? Jérôme, how many prefixes can your routers handle?

Or we could stop thinking that abusing a shared resource for personal gain is a great idea.


> For a less densely connected network (no presence on public IXPs, poor
> transits...), renumbering critical services (DNS, MX, extranets) to
> one of their /24s and de-aggregating it could be a smart move.

See my previous post. Of course deaggregation can have a use, but for a network with no peering and one or a few transits, those more specifics never have to hit the global table. Sending that /24 to your transit provider(s) with no-export will have the _exact_same_effect_, and not pollute anyone's routers whom you are not paying.

The idea "I have a 'reason' for hurting everyone else, so it is OK" has got to stop. Just because you have a reason does not make it OK. And even when it is a good idea, most people implement it so poorly as to cause unneeded harm.

-- 
TTFN,
patrick
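
Added example, not part of the original message and not code from its author: a simplified model of how the NO_EXPORT well-known community (RFC 1997) scopes the more-specific /24 discussed above to the transit providers' tables. The AS numbers, prefixes and four-AS topology are constructed for illustration, and the model assumes every AS honours NO_EXPORT and only floods routes upstream.

```python
import ipaddress

NO_EXPORT = "no-export"  # RFC 1997 well-known community 65535:65281

# Constructed topology: origin AS 64496 buys transit from 64497 and 64498;
# both transits connect to 64499, which stands in for the rest of the Internet.
LINKS = {64496: [64497, 64498], 64497: [64499], 64498: [64499], 64499: []}
ORIGIN = 64496

# Constructed prefixes (benchmarking range 198.18.0.0/15, RFC 2544).
AGGREGATE, CRITICAL = "198.18.0.0/22", "198.18.1.0/24"
GLOBAL_DEAGG = [(AGGREGATE, set()), (CRITICAL, set())]
SCOPED_DEAGG = [(AGGREGATE, set()), (CRITICAL, {NO_EXPORT})]

def propagate(announcements):
    """Flood each (prefix, communities) pair outward from ORIGIN.

    Returns {asn: set of networks that AS has learned}.
    """
    tables = {asn: set() for asn in LINKS}
    for prefix, communities in announcements:
        net = ipaddress.ip_network(prefix)
        frontier = [(ORIGIN, nbr) for nbr in LINKS[ORIGIN]]
        while frontier:
            _sender, receiver = frontier.pop()
            if net in tables[receiver]:
                continue
            tables[receiver].add(net)
            # A route tagged NO_EXPORT is used inside the receiving AS
            # but is not advertised on to any other AS.
            if NO_EXPORT in communities:
                continue
            frontier += [(receiver, nbr) for nbr in LINKS[receiver]]
    return tables

def best_match(table, address):
    """Longest-prefix match of address against one AS's table."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in table if addr in net]
    return max(matches, key=lambda net: net.prefixlen, default=None)

if __name__ == "__main__":
    for name, ann in (("global", GLOBAL_DEAGG), ("scoped", SCOPED_DEAGG)):
        tables = propagate(ann)
        for asn in (64497, 64499):
            print(name, asn, len(tables[asn]), "routes, best match:",
                  best_match(tables[asn], "198.18.1.53"))
```
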
