nanog mailing list archives

Re: Verio Peering Question
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Fri, 28 Sep 2001 09:34:21 -0400


At 04:26 PM 9/27/2001 -0400, Dorian Kim wrote:

>On Thu, Sep 27, 2001 at 07:29:01PM -0400, Patrick W. Gilmore wrote:
>> I am afraid you have forgotten many, many other possible answers to those
>> two premises.  For instance, Randy could be an un-believable crank, and
>> Verio has just not gotten around to un-doing his previous policies? Telcos
>> (especially Japanese telcos) move slowly.
>
>Verio is an ISP, not a telco.

Verio is owned by a telco, but to be honest, I like your definition better. So I will concede the point and apologize for my misstatement.


>You make an assumption that other major backbones that don't filter as
>Verio does think that doing so is a bad idea. That assumption is
>not necessarily true.

I am sorry, I should not have implied that since many other networks were not doing it then the engineers there believe it is the "Right Thing". Allow me to re-phrase:

I submit that every major backbone I can find (except Verio) accepts /24s from their peers in classical A space as proof that most, if not all, backbones of approximately Verio's size, and all backbones larger than Verio, do not filter as Verio does. I suggest that if every engineer, or even a large majority of them, believed strongly that filtering was "The Right Thing", at least some of the other backbones would filter.

While I could be wrong, one certainly cannot argue that just because political reasons *could* force engineers to configure networks against their will, that this *did* happen. Barring further evidence, Occam's Razor would, I think, support my view.

If you have further evidence, please feel free to educate me. I certainly am not privy to the opinions of as many engineers at major backbones as you, Randy, and Alex are.


>I've heard many complaints of Sprint's prefix filtering policy, but never
>from another major backbone providers. If anything, many thanked Sprint
>for the public service Sprint provided, and wished they do the same.
>
>I've yet to hear another backbone operator complain about Verio's prefix
>filtering policy either.

I have heard such complaints, to both.  I am sorry you have not.

Perhaps the others simply did not wish to challenge you because of your stature in the industry. Perhaps they did not want to start a confrontation. Perhaps like-minded people hang out together, so I hear a different view than you do.

Whatever the reason, I have heard engineers opine that filtering is not The Right Thing. Not that that proves anything, any more than you not hearing the dissenting opinion proves anything.


Either way, I believe the fact the Internet is and has been working for many years without even a significant minority of major backbones filtering shows that "not filtering" is at least not the end of the world.


>Global routing system is a fragile thing. There are no good existing
>ways of authenticating and authorising origin of prefixen.

Filtering does not solve this problem, although it may alleviate some symptoms for some failure modes.


>This periodically causes suboptimality in Internet's control plane,
>such as the 128/9 incident. Those networks that filtered as Verio does
>were not affected internally by that incident. Those who didn't suffered.

There are many "good" things which filtering prohibits, such as a large backbone accidentally announcing the wrong prefix, and a small network deaggregating to gain control of its own IP space. I have been involved in this more than once personally, and getting a large backbone (e.g. Verio) to even listen to your complaint that they are announcing your /20 is pathetically difficult, especially when you are not a customer. Getting them to fix it is monumental. I would rather deal with two telcos claiming the other is the problem with my circuit - at least they both admit there is a problem!

I also submit that this type of problem happens many orders of magnitude more often than the type you mention.


>> P.S.  You never did address why Verio preaches one thing and practices
>> another.  Neither has Randy to my knowledge (other than to say "if you are
>> dumb enough to take them" or something like that).  Is hypocrisy an
>> official policy at Verio?
>
>It would be nice if people knew history better. It saves people from having
>to repeat old explanations from old days over and over again.

It would be nice if you did not simply assume people are not aware of the history.


>Please see smd's rationale for acl 112 on nanog and other fora archives
>circa 1996.

I have read Sean's argument, and discussed it with him personally. Stating that your customers pay you so you will accept longer announcements is fine, but neither Sprint nor Verio pays their peers to accept those longer announcements, so they should not propagate them. It is trivial to accept longer announcements from your customers than you pass to your peers.

Plus, I maintain it is hypocritical to argue that the Internet will collapse if networks do not filter because aggregation is absolutely necessary, while simultaneously accepting and passing longer announcements, whether you are paid to do it or not.

Sprint's acceptance of long announcements from customers while filtering them from peers did less to foster aggregation than it did to help Sprint get customers who wanted to announce longer prefixes. (To be honest, I do not think Verio is getting the same advantage, but I could be wrong.)

And arguing that since everyone should filter it does not matter what you announce is not an argument, it is a poor rationalization for hypocrisy.

Plus the fact that Sprint only filtered (still filters?) their customers on AS_PATH creates much more danger & instability to the global table than filtering on longer prefixes. Another glaring hypocrisy.


***** *****

Listen, Dorian, you are a bright guy, and so is Randy, and so is Alex. But clued or not, claiming something is "The Right Thing [tm]" does not make it so.

Filtering is nice in theory, but it misses some basic requirements of the Internet today.

The Internet is a tool, a means to an end. It is no longer a research project by academics, nor is it a personal toy of a privileged few who happen to run large backbones.

The Internet is where it is today because people pumped billions of dollars into it. (Mostly to get pr0n. :) Many of these people require robust, high performance connectivity to the Internet, which can best be guaranteed through multiple connections to multiple providers. And they are willing to pay for it.

Providers who ignore these requirements do so at their peril.

If you have a better way for people to get robust, high performance connections, please submit it. I do not think filtering is bad because I had a vision from ghod, I think it is bad because it does not let the people paying for all these nice toys, and pushing all these 100s of Gbps, do what they want to do. Do what they NEED to do if we are to continue having an Internet.

You can argue that they want what is bad for them, and you may be right. But I argue that requiring smaller companies and providers to have a single connection will cause them more downtime and worse performance than allowing the global table to fill with the longer announcements.

History so far seems to be on my side. The statistics Randy quotes do not prove his case, they merely say growth will be slower, so he can keep up. Many companies believe they can keep up with the faster growth. I suggest that any provider which limits itself enough so it can slow the growth will not have to worry about any type of growth for long....


>-dorian

--
TTFN,
patrick

