"Tactical" /24 announcements

Tom Beecher beecher at beecher.cc
Mon Aug 16 16:25:20 UTC 2021


Broadly speaking, I would say if you announce a prefix to the DFZ, then you
are saying "I can deliver anything in this range where it is supposed to
go."

That being said, there are moments, like Bill said, when an outage or other
issue prevents that from happening, and also circumstances where a lack of
competence creates a problem.

On Mon, Aug 16, 2021 at 12:07 PM William Herrin <bill at herrin.us> wrote:

> On Mon, Aug 16, 2021 at 7:10 AM Jason Pope <boards188 at gmail.com> wrote:
> >
> > >On Thu, Aug 12, 2021 at 9:41 AM Hank Nussbacher <hank at interall.co.il> wrote:
> > >> How does this break the Internet?
> > >
> > >A originates 10.0.0.0/16 to paid transit C
> > >B originates 10.0.1.0/24 also to paid transit C
> > >C offers both routes to D. D discards 10.0.1.0/24 from the RIB based
> > >on same-next-hop
> > >You peer with A and D. You receive only 10.0.0.0/16 since A doesn't
> > >originate 10.0.1.0/24 and D has discarded it.
> > >You send packets for 10.0.1.0/24 to A (the shortest path for
> > >10.0.0.0/16), stealing A's paid transit to C to get to B.
> > >Unless A filters C-bound packets purportedly from 10.0.1.0/24. B
> > >doesn't currently transit for A so from B's perspective that's not an
> > >allowed path. In which case, your path to 10.0.1.0/24 is black holed.
> > >
> > >D broke the Internet. If packets from you reach A at all, they do so
> > >through an unpermitted path.
> >
> > Ok, I apologize, but I have some dumb questions (because I don't BGP
> > anymore):
> >
> > 1) I assume in the scenario that A "owns" (ARIN assignment) 10.0.0.0/16
> > and if B has a /24 assignment out of the block that A "owns", shouldn't
> > that mean that B has a business relationship with A and some kind of direct
> > connectivity to A?
>
> Hi Jason,
>
> Not necessarily. It isn't modern practice but as others have pointed
> out there have been instances where a customer took an ISP-assigned
> block with them when they left.
>
> > 3) If "yes", then the connectivity wouldn't be broken, right?
>
> Not necessarily. You have to consider the route in -all- of the states
> it can be in, including the one where they're not, at this moment,
> successfully connected to the ISP which assigned the addresses. I
> offered a scenario in a prior post where the ISP's peering router
> carries only locally-originated and customer routes. When the customer
> loses their connection to the ISP (e.g. cable cut) their route
> disappears from the peering router. The users of the ISP can still
> reach it via the origin's alternate Internet connection.
>
> Reciprocal peers of the ISP can also reach it via the broader Internet
> but can't reach it via the peering connection to the ISP to whom the
> origin is not currently connected. If they filter the Internet route,
> the path ends up going to the ISP's peering router where it's black
> holed.
>
> Regards,
> Bill Herrin
>
>
>
> --
> William Herrin
> bill at herrin.us
> https://bill.herrin.us/
>
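
The A/B/C/D scenario quoted above, modelled as a small simulation. This is an added example, not code from anyone in the thread; the function names are hypothetical, and best-path selection is reduced to shortest AS path, which is an assumption.

```python
from ipaddress import ip_address, ip_network

P16 = ip_network("10.0.0.0/16")   # originated by A (prefix from the thread)
P24 = ip_network("10.0.1.0/24")   # originated by B (prefix from the thread)

def drop_same_next_hop(rib):
    """D's filter: drop a more-specific when a covering prefix has the same next hop."""
    return {
        p: r for p, r in rib.items()
        if not any(q != p and p.subnet_of(q) and rq["next_hop"] == r["next_hop"]
                   for q, rq in rib.items())
    }

def advertise(rib, sender):
    """Re-advertise a RIB to a peer: sender becomes next hop and is prepended to the path."""
    return {p: {"next_hop": sender, "path": [sender] + r["path"]} for p, r in rib.items()}

def select_best(*offers):
    """Per prefix, keep the offer with the shortest AS path (simplified best-path)."""
    best = {}
    for offer in offers:
        for p, r in offer.items():
            if p not in best or len(r["path"]) < len(best[p]["path"]):
                best[p] = r
    return best

def lookup(rib, dst):
    """Longest-prefix match; returns the next hop, or None if nothing covers dst."""
    matches = [p for p in rib if ip_address(dst) in p]
    return rib[max(matches, key=lambda p: p.prefixlen)]["next_hop"] if matches else None

def your_next_hop(d_discards, dst="10.0.1.5"):
    """Where 'you' (peering with A and D) send a packet for an address in B's /24."""
    # D learns both routes from transit C, so both have next hop C.
    d_rib = {P16: {"next_hop": "C", "path": ["C", "A"]},
             P24: {"next_hop": "C", "path": ["C", "B"]}}
    if d_discards:
        d_rib = drop_same_next_hop(d_rib)
    from_a = {P16: {"next_hop": "A", "path": ["A"]}}   # A does not originate the /24
    from_d = advertise(d_rib, "D")
    return lookup(select_best(from_a, from_d), dst)

if __name__ == "__main__":
    print("D discards the /24 ->", your_next_hop(True))    # traffic for B lands on A
    print("D keeps the /24    ->", your_next_hop(False))   # traffic for B goes via D
```

With the discard in place, the only covering route you hold is A's /16, so whether the packet reaches B depends entirely on what A does with it.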