Re: Verio Peering Question
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Fri, 28 Sep 2001 09:34:21 -0400
At 04:26 PM 9/27/2001 -0400, Dorian Kim wrote:
>On Thu, Sep 27, 2001 at 07:29:01PM -0400, Patrick W. Gilmore wrote:
>> I am afraid you have forgotten many, many other possible answers to those
>> two premises. For instance, Randy could be an un-believable crank, and
>> Verio has just not gotten around to un-doing his previous
>> (especially Japanese telcos) move slowly.
>Verio is an ISP, not a telco.
Verio is owned by a telco, but to be honest, I like your definition
better. So I will concede the point and apologize for my misstatement.
>You make an assumption that other major backbones that don't filter as
>Verio does think that doing so is a bad idea. That assumption is
>not necessarily true.
I am sorry, I should not have implied that since many other networks were
not doing it then the engineers there believe it is the "Right
Thing". Allow me to re-phrase:
I submit that every major backbone I can find (except Verio) accepts /24s
from their peers in classical A space as proof that most, if not all,
backbones of approximately Verio's size, and all backbones larger than
Verio, do not filter as Verio does. I suggest that if every engineer, or
even a large majority of them, believed strongly that filtering was "The
Right Thing", at least some of the other backbones would filter.
While I could be wrong, one certainly cannot argue that just because
political reasons *could* force engineers to configure networks against
their will, that this *did* happen. Barring further evidence, Occam's
Razor would, I think, support my view.
If you have further evidence, please feel free to educate me. I certainly
am not privy to the opinions of as many engineers at major backbones as
you, Randy, and Alex are.
>I've heard many complaints of Sprint's prefix filtering policy, but never
>from other major backbone providers. If anything, many thanked Sprint
>for the public service Sprint provided, and wished they do the same.
>I've yet to hear another backbone operator complain about Verio's prefix
>filtering policy either.
I have heard such complaints, to both. I am sorry you have not.
Perhaps the others simply did not wish to challenge you because of your
stature in the industry. Perhaps they did not want to start a
confrontation. Perhaps like-minded people hang out together, so I hear a
different view than you do.
Whatever the reason, I have heard engineers opine that filtering is not The
Right Thing. Not that that proves anything, any more than you not hearing
the dissenting opinion proves anything.
Either way, I believe the fact the Internet is and has been working for
many years without even a significant minority of major backbones filtering
shows that "not filtering" is at least not the end of the world.
>Global routing system is a fragile thing. There are no good existing
>ways of authenticating and authorising origin of prefixen.
Filtering does not solve this problem, although it may alleviate some
symptoms for some failure modes.
>This periodically causes suboptimality in Internet's control plane,
>such as the 128/9 incident. Those networks that filtered as Verio does
>were not affected internally by that incident. Those who didn't suffered.
There are many "good" things which filtering prohibits, such as a large
backbone accidentally announcing the wrong prefix, and a small network
deaggregating to gain control of its own IP space. I have been involved in
this more than once personally, and getting a large backbone (e.g. Verio)
to even listen to your complaint that they are announcing your /20 is
pathetically difficult, especially when you are not a customer. Getting
them to fix it is monumental. I would rather deal with two telcos claiming
the other is the problem with my circuit - at least they both admit there
is a problem!
I also submit that this type of problem happens many orders of magnitude
more often than the type you mention.
>> P.S. You never did address why Verio preaches one thing and practices
>> another. Neither has Randy to my knowledge (other than to say "if you are
>> dumb enough to take them" or something like that). Is hypocrisy an
>> official policy at Verio?
>It would be nice if people knew history better. It saves people from having
>to repeat old explanations from old days over and over again.
It would be nice if you did not simply assume people are not aware of the
>Please see smd's rationale for acl 112 on nanog and other fora archives
I have read Sean's argument, and discussed it with him personally. Stating
that your customers pay you so you will accept longer announcements is
fine, but neither Sprint nor Verio pays their peers to accept those longer
announcements, so they should not propagate them. It is trivial to accept
longer announcements from your customers than you pass to your peers.
Plus, I maintain it is hypocritical to argue that the Internet will collapse
if networks do not filter because aggregation is absolutely necessary,
while simultaneously accepting and passing longer announcements, whether
you are paid to do it or not.
Sprint's acceptance of long announcements from customers while filtering
them from peers did less to foster aggregation than it did to help Sprint
get customers who wanted to announce longer prefixes. (To be honest, I do
not think Verio is getting the same advantage, but I could be wrong.)
And arguing that since everyone should filter it does not matter what you
announce is not an argument, it is a poor rationalization for hypocrisy.
Plus the fact that Sprint only filtered (still filters?) their customers on
AS_PATH creates much more danger & instability to the global table than
filtering on longer prefixes. Another glaring hypocrisy.
Listen, Dorian, you are a bright guy, and so is Randy, and so is Alex. But
clued or not, claiming something is "The Right Thing [tm]" does not make it so.
Filtering is nice in theory, but it misses some basic requirements of the
The Internet is a tool, a means to an end. It is no longer a research
project by academics, nor is it a personal toy of a privileged few who happen
to run large backbones.
The Internet is where it is today because people pumped billions of dollars
into it. (Mostly to get pr0n. :) Many of these people require robust,
high performance connectivity to the Internet, which can best be guaranteed
through multiple connections to multiple providers. And they are willing
to pay for it.
Providers who ignore these requirements do so at their peril.
If you have a better way for people to get robust, high performance
connections, please submit it. I do not think filtering is bad because I
had a vision from ghod, I think it is bad because it does not let the
people paying for all these nice toys, and pushing all these 100s of Gbps,
do what they want to do. Do what they NEED to do if we are to continue
having an Internet.
You can argue that they want what is bad for them, and you may be
right. But I argue that requiring smaller companies and providers to have
a single connection will cause them more downtime and worse performance
than allowing the global table to fill with the longer announcements.
History so far seems to be on my side. The statistics Randy quotes do not
prove his case, they merely say growth will be slower, so he can keep
up. Many companies believe they can keep up with the faster growth. I
suggest that any provider which limits itself enough so it can slow the
growth will not have to worry about any type of growth for long....