Home page logo
/

nanog logo nanog mailing list archives

Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
From: Josh Richards <jrichard () cubicle net>
Date: Sun, 13 May 2001 15:29:03 -0700


* Roeland Meyer <rmeyer () mhsc com> [20010513 13:45]:

None of the DSL ISPs can do larger than /27 anymore, even when they're
ILECs.

What does being an ILEC have to do with layer 3 routing?  

'sides there are plenty of DSL ISPs that offer larger than a /27.  Heck, I
count some of them among my clients who consist primarily of smaller 
regional players.  If you are looking for more major player examples that 
offer larger IP blocks:

* MegaPath
  <URL:http://www.megapath.net/> (see Support -> IP Request Form)
* PacBell/SBC
  <URL:http://public.pacbell.net/dedicated/dsl/dsl_business.html>

How hard have you looked, Roeland?

Anything less than a /24 can't be SWIP'd and if you don't control
your in-addr.arpa entries you don't control your domain and have no
security.

This is FUD.  For example, look up "63.201.8.120".  That sure looks like a
/29 to me.  Hell, that's even being done by an ILEC owned ISP. :-)  In fact,
ARIN (and other regional registries have similar policies) encourage SWIP
reassignments for anything up to and including /29.  An NSP who has to
justify its requests for IP space (read: any) knows how much easier and 
quicker the process is made when they have everything SWIP'd already.
  
  <URL:ftp://ftp.arin.net/pub/swip/swipinstruction.txt>

As to controlling your reverse delegation, if your IP block is less than a 
/24 how often do you _really_ need to change your reverse?  If the answer is
not often you are losing nothing by having your upstream handle it for you. 
If you still want control of it, convince your upstream to implement 
RFC2317 (if they haven't already):

  <URL:http://www.rfc-editor.org/rfc/rfc2317.txt>

As to trusting reverse nameservice records for security, well, that's your 
choice not mine..

-jr

----
Josh Richards <jrichard () { geekresearch.com, cubicle.net }> [JTR38/JR539-ARIN]
Geek Research, LLC - San Luis Obispo, CA - <URL:http://www.geekresearch.com/>
KG6CYK - IP/Unix/telecom/knowledge/coffee/security/crypto/business/geek



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]