Home page logo
/

nanog logo nanog mailing list archives

Re: Verio Peering Question
From: Dorian Kim <dorian () blackrose org>
Date: Thu, 27 Sep 2001 16:26:50 -0400


[I'll probably regret wading in, but....]

On Thu, Sep 27, 2001 at 07:29:01PM -0400, Patrick W. Gilmore wrote:
I am afraid you have forgotten many, many other possible answers to those 
two premises.  For instance, Randy could be an un-believable crank, and 
Verio has just not gotten around to un-doing his previous policies?  Telcos 
(especially Japanese telcos) move slowly.

Verio is an ISP, not a telco.

Then again, perhaps every one of them is wrong, while Randy & Verio are 
right?  (Of course, this begs the question why AT&T, where Randy works, and 
XO, where you work, do not filter as Verio does?  Perhaps US telcos move 
slowly too? :)

I find that in life, it is difficult to make monolithic stances based on
one principle or another, no matter how correct that stance is in
theory. There are always extenuating circumstances that makes one
modify ones response to things, and reasonable people change as
circumstances change around them.

If Verio ever changes its route filtering policy, that won't mean
that it stopped being the right thing[tm] to do. It will probably just mean 
that the overall cost of implementing the right thing[tm] may have become 
to high to maintain. Same would be true for some of the other networks that 
filtered and stopped.

You make an assumption that other major backbones that don't filter as
Verio does think that doing so is a bad idea. That assumption is 
not necessarily true.

I've heard many complaints of Sprint's prefix filtering policy, but never 
from another major backbone providers. If anything, many thanked Sprint
for the public service Sprint provided, and wished they do the same.

I've yet to hear another backbone operator complain about Verio's prefix
filtering policy either.

I think it's fairly well known fact that engineers do not soley run
companies. Even if something is the best thing to do from engineering
perspective does not mean that other factors, such as legal, sales and
marketing may not modify the outcome. I know this is North American
Network _Operators_ Group, but sometimes it's useful to think of 
the rest of the world.

The networks that filtered aggressively did so in the past because they 
thought it was the right thing to do, both for their network and customer 
base after taking every factors into consideration. There was also the 
consideration of public service that this was doing for the rest of 
Internet. As circumstances changed, the factors that went into 
decision processes shifted, and expression of those decisions changed
and some decided that it wasn't worth it anymore.

Aside from the theories of routing table entropy and high principles,
as well as realities of bleak future of global Internet routing on
its current vector, there is another facet of this complex problem
to consider that people should take into consideration.

Global routing system is a fragile thing. There are no good existing
ways of authenticating and authorising origin of prefixen.

This periodically causes suboptimality in Internet's control plane,
such as the 128/9 incident. Those networks that filtered as Verio does
were not affected internally that incident. Those who didn't suffered.

There are no ideal solutions for those types of problems. All of the
solutions have major flaws, and prefix filtering based on RIR a
allocation boundaries protect a network from a subset of them.

Until we have mechanisms to protect our networks better, there will
always be issues with any solution(s) chosen.

Before anyone asks, IRR based filtering of peers has been tried. Given
existing software implementations, this does not scale, even if you
ignore the garbage in garbage out issue of the problematic information
source.

P.S.  You never did address why Verio preaches one thing and practices 
another.  Neither has Randy to my knowledge (other than to say "if you are 
dumb enough to take them" or something like that).  Is hypocrisy an 
official policy at Verio?

It would be nice if people knew history better. It saves people from having
to repeat old explanations from old days over and over again.

Please see smd's rationale for acl 112 on nanog and other fora archives
circa 1996.

-dorian


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]