nanog mailing list archives

Re: The Gorgon's Knot. Was: Re: Verio Peering Question
From: smd () clock org (Sean M. Doran)
Date: Fri, 28 Sep 2001 17:30:15 -0700 (PDT)


| So your downstreams pay you to connect to:
|
| + Your AS only;
|
| + Some of the Internet, but with little concern re accessibility
|   of small networks;
|
| + The whole Internet with as much reliability as possible?

if #3 then what's the problem with:

        ip as-path access-list 1 permit _badguy_
        
        route-map fix-badguy permit 10
         descr proxy-aggregate the networks who are "holey"
         match as-path 1
        
        router bgp my-as
         aggregate-address bad.guy.blo.ck1 255.255.224.0 as-set suppress-map fix-badguy
         aggregate-address bad.guy.blo.ck2 255.255.224.0 as-set suppress-map fix-badguy
         ...

except that historically (with one exception, which was rude but educational)
the "badguys" weren't really bad as much as lost somewhere, and didn't
realize what was happening to them.

So, rather than make a subtle change that some backwards ISPs never
even noticed, a more forceful change (filtering) was made, and everyone
noticed that, but more because of the continuing bad PR about how evil
and rapacious it was to filter in the first place.

Oh, wait, throwing away the holes can lead to a sub-optimal path
selection!  And troubles with holes coming from other directions!

"shut up and send me a cheque." -> something more polite but meaning the same
                                   so that customer will happily pay for
                                   a "route-pull".

Again, the great regret was the lack of a web page that would let
one pay to blow holes in the filter and similar mechanisms that
have been deployed from time to time (proxy-aggregation against
backwards ISP, filtering against backwards ICM, RIPE-210 against
the entire universe).

| Maybe I'll filter anything longer than a /8...

Please do, and tell us what you CAN'T reach after you throw
away all the longer prefixes, and if you care after you 
install a default or proxy-aggregate, or whatnot to try to
retain connectivity to those "extraneous info" destinations.

        Sean.

ps - for those who don't know, ICM is AS 1800, and has an interesting 
     history
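
An added example, not part of the original post: a Python sketch of the experiment suggested above. It applies a maximum-prefix-length filter to a routing table and reports which dropped prefixes are still covered by a shorter route (or by a locally installed default or proxy-aggregate) and which become unreachable. The sample table and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample table (private address space, not real announcements).
SAMPLE_RIB = [
    "10.0.0.0/8",       # short prefix, survives even a /8 filter
    "10.1.0.0/19",      # hole inside 10.0.0.0/8
    "10.1.64.0/24",     # longer hole inside 10.0.0.0/8
    "172.16.0.0/19",    # announced on its own, no covering route
    "172.16.32.0/24",   # long prefix, no covering route
    "192.168.4.0/22",
    "192.168.5.0/24",   # covered only by the /22 above
]


def apply_length_filter(rib, max_len):
    """Split routes into (accepted, dropped) by maximum prefix length."""
    nets = [ipaddress.ip_network(r) for r in rib]
    accepted = [n for n in nets if n.prefixlen <= max_len]
    dropped = [n for n in nets if n.prefixlen > max_len]
    return accepted, dropped


def reachability_after_filter(rib, max_len, extra_routes=()):
    """Classify every dropped prefix as covered or lost.

    extra_routes models what the filtering network installs locally to
    retain connectivity: a default route or proxy-aggregates.
    Returns (covered, lost); covered holds (prefix, covering_route) pairs.
    """
    accepted, dropped = apply_length_filter(rib, max_len)
    table = accepted + [ipaddress.ip_network(r) for r in extra_routes]
    covered, lost = [], []
    for d in dropped:
        covers = [t for t in table if d.subnet_of(t)]
        if covers:
            # Forwarding uses the longest remaining match.
            best = max(covers, key=lambda t: t.prefixlen)
            covered.append((str(d), str(best)))
        else:
            lost.append(str(d))
    return covered, lost


if __name__ == "__main__":
    for max_len, extra in [(19, ()), (19, ("192.168.0.0/16",)), (8, ("0.0.0.0/0",))]:
        covered, lost = reachability_after_filter(SAMPLE_RIB, max_len, extra)
        print(f"max /{max_len} extra={list(extra)}: covered={covered} lost={lost}")
```

A prefix reported as covered is still reachable, but traffic follows the covering route, which is where the sub-optimal path selection mentioned in the post comes from.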

