nanog mailing list archives

Re: The Gorgon's Knot. Was: Re: Verio Peering Question
From: smd () clock org (Sean M. Doran)
Date: Fri, 28 Sep 2001 17:14:21 -0700 (PDT)


| progressive dampening is much more appealing than 
| filtering, to solve this problem

Filtering was the first attempted solution to CIDR failure.

Damping had the advantage of time, reflection, and input
from Curtis Villamizar (who I believe invented the first
described damping algorithm) and many others, as well as the 
help from some truly excellent co-authors, patient customers 
and colleagues.   RIPE as a publication venue also had some 
distinct advantages over IETF and NANOG.

| other alternative method ... (ie Multi6 mapped to IPv4, etc).

Ah, you're anticipating solution mark III.

| I suspect if customers knew routes were being filtered, they
| would care a lot.

It got put in overnight because nobody had screamed since
the first time it had been threatened some months before.
The only serious complaint registered was from some competitors
who had been allocating from short prefixes they'd obtained in
the very new space covered by the filters, which did not, in fact, 
filter out long prefixes in older swampy but in-use address ranges.
Had the competitors in question (also or instead) announced the
prefixes they had actually been allocated, they would not have
noticed for some time.   (Probably someone would have first noticed
odd traceroute behaviour towards one of the "holes" in the
big short-prefix allocations that didn't work in the intended
way when trying to load-balance or recover from a partition.
That is, traffic hitting Sprintlink would go to the big network
announcing the short prefix, rather than to the other network
announcing the hole.   And at the time there were no short
prefixes, only holes, almost all of which seemed to be singly
homed.   If someone has NANOG archives from the time, there
are some analyses of what got affected.  'Tweren't much on
day one, and the filter was a big enough stick that 'tweren't
much on day something-hundred either).

| This only works because it is targeted at
| less-noticeable address blocks

Right.   Moreover, they were less-noticeable not just because
they were small, but because they were totally new.  (Or not
even yet used).

| and exceptions are made for
| noticeable address blocks (major site on a /24's).

The swamp was the exception.  The exception became the swamp.
We thought the swamp would drain thanks to PIARA.  It didn't,
but it didn't become the toxic waste dump either, thanks to
good (space) conservation efforts by the RIRs and the community in general.

| If
| customers knew that this was being done, and there was no
| noticeable value created by the change (as is the case now),
| they would have a problem. This information probably isn't
| included in Verio's sales slick, it wouldn't land many sales.

If it were, it would be presented as: "Connect to Verio and avoid
filtering -- announce everything you like, everyone else is too
stupid to protect their networks from such abuse!"

        Sean.

