Home page logo
/

nanog logo nanog mailing list archives

Re: Verio Peering Question
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Fri, 28 Sep 2001 12:31:53 -0400


At 09:01 AM 9/28/2001 -0700, Majdi S. Abbas wrote:

>    Sure, they filter, but they invite THEIR peers to filter them, as
>well.  I don't see any hypocracy in that.

I am sorry you do not.  How about we agree to disagree?

I do, however, agree that all their peers should take them up on their invitation and filter Verio, but only Verio.

How much would you like to bet that if every backbone, or even just a few major ones, filtered Verio (and only Verio) as Verio suggests, that Verio would stop filtering and ask them to stop filtering? I would put $1,000 on it right here and now, publicly. (Since you mention my job history below, you know I am not an Internet millionaire, so you know this is not an insignificant amount of money for me.)

Then again, I can see from below that you obviously do not understand the implications of this filtering policy.



>    Patrick, neither does claiming that such filtering /isn't/ "The Right
>Thing."  And I find your prior argument that filtering is hurting the
>business of Verio as completely laughable -- clearly the open filtering policy
>is what made providers such as Priori and Onyx (USA) such a success.  Someone
>with your, shall we say, `colorful' job history should be well aware that
>engineering policy has little to do with the success or failure of an ISP.

Thank you for your support. At least you did not try to imply that my previous networks died because I could not engineer them properly. But that is not really the issue here.


>> The Internet is where it is today because people pumped billions of dollars
>> into it.  (Mostly to get pr0n. :)  Many of these people require robust,
>> high performance connectivity to the Internet, which can best be guaranteed
>> through multiple connections to multiple providers.  And they are willing
>> to pay for it.
>
>    And the people who pumped billions of dollars into it are welcome
>to protect their assets, their network, and their customers as they choose.
>I do not yet have the ego required to claim that Verio's--or anyone's
>equipment is in the public domain.

I was not claiming that.


>> If you have a better way for people to get robust, high performance
>> connections, please submit it.  I do not think filtering is bad because I
>> had a vision from ghod, I think it is bad because it does not let the
>> people paying for all these nice toys, and pushing all these 100s of Gbps,
>> do what they want to do.  Do what they NEED to do if we are to continue
>> having an Internet.
>
>    Doesn't it?  Filtering does not prevent these people from doing
>what they wish.  It simply establishes guidelines for how they do it.
>There is -no difference- between filtering on /25-and-longer and
>filtering as Verio does.  The former modifies behavior by asking that
>people refrain from announcing anything smaller than a /24.  The
>latter simply filters prefixes based on registry allocation policy.

Actually, there is a difference.


>> You can argue that they want what is bad for them, and you may be
>> right.  But I argue that requiring smaller companies and providers to have
>> a single connection will cause them more downtime and worse performance
>> than allowing the global table to fill with the longer announcements.
>
>    How does this require that they single-home?  I have no idea
>where this paragraph came from, but in the context of this post, I
>guess that's not a new feeling.

Please read Randy's documents.  They explain it quite clearly.

I shall try to summarize. A company or small provider can easily get a /24 from their upstream by simply claiming they want to multi-home, even if they do not need 256 IP addresses. A company or small provider cannot get a /20 from ARIN or RIPE or APNIC by claiming they need to multi-home. The registries only hand out allocations based on IP need, they state quite clearly that you should get smaller allotments from your upstream.

So, say I am a small company with 50 or so employees, and I rely very, very heavily on my internal web server for my business. I have a few options: * I can place my server at a colocation house, which would put me completely at the mercy of that colocation house. * I can put my web server here in my office and get a single link to the Internet, which puts me completely at the mercy of that physical line and single provider.
 * I can multi-home.

(Probably the best option would be to put the box at a colocation house like Above.Net which allows me to pull in a line from another provider, while also providing me with all the backup & security of a colocation facility instead of a standard business-class building. But that still requires me to multi-home.)

Because of my small need for IP space, none of the IP registries will give me my own /20 (or whatever). However, ARIN will not complain if one of my upstreams SWIPs a /24 to me, even if I do not require an entire /24. I announce that /24 to both my upstreams.

If that /24 is filtered by all backbones, my second connection to the Internet is essentially useless, a waste of money.


Also, please note that if all backbones filtered Verio - and only Verio - as Verio suggests, then anyone announcing a /24 into Verio from the space of another provider would be wasting their money. If the link to the other provider were to fail, the customer would receive no traffic from anywhere on the Internet, except Verio and Verio customers. While this is not a trivial amount of the Internet, it is still a small fraction of the Internet. (This is why I believe Verio would stop filtering if everyone filtered only Verio.)


Do you now understand why "filtering == forcing small providers / businesses to single home"? If anything was not clear, please contact me off list and I shall try to explain further.


Again, I and many other people are open to alternatives. Whenever I bring this argument up to Randy (and some others), he tells me that these smaller people do not need to multi-home, or that they are not big enough to matter. Kinda arrogant if you ask me, especially considering some of these people (including Randy) used to do the opposite of what they now preach, back before they were "tier 1" providers.

I also submit that these small companies & providers are big enough to matter, at least in aggregate. A large amount of traffic (and money) comes from these types of providers & businesses. If there were not that many of them, it would not make a difference to the global table.


>    --msa

--
TTFN,
patrick


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault