Home page logo
/

nanog logo nanog mailing list archives

Re: Verio Peering Question
From: "Stephen J. Wilcox" <steve () opaltelecom co uk>
Date: Sat, 29 Sep 2001 21:09:49 +0100 (BST)



The only kind of prefix filtering I would want to implement is
something that can accomplish:

[ snip ]

An interesting thought.  Group BGP adverts / table updates by
prefix length... get connectivity up and going, then chew on
the smaller details as needed.  Sort of like real-time process
priorities; if you can get there, queue longer prefixes until
_after_ all others have been processed.

assuming you're router can store, process and switch against n x million
routes in real time .. suspect technology will take us there but you want
to try and influence people to hold back, else we'll all suffer on the day
the internet reaches critical mass and routes overtake technology and all
providers routers give up!

Seems to me that "saving the Internet" means strict ingress
filtering[1] of downstreams and strict egress filtering[2] to
peers and upstreams... which is pretty much the opposite of what
Verio does.

[1] Providers SHOULD filter/aggregate downstream routes, unless

Two different subjects? Filter definitely, you want to ensure quality and
sanity. But aggregate... hmm, dont think that'll work with commerical
people. A customer multihomes and you aggregate whilst a.n.other
doesnt.. a.n.other gets all the traffic and you become the secondary
provider and let a.n.other get all the new business as primary!

[2] Want to tune inbound traffic?  Fine... advertise those longer
    prefixes to your upstreams/peers.  But don't make the rest of
    the Internet suffer.  Communities good.  Extra routes bad.

but people dont advertise long prefixes in order to simply make use of two
providers for the sake of it, they do it in order to create their own
unique routing policies which by definition needs to be internet-wide

i would envisage all kinds of problems too where the aggregating upstream
accepts your specific routes via another isp by mistake and then your
transit traffic ends up going all round the place.. you'd be advertising
/24s to peers and all but one transit, with primary transit aggregating up
to /16 or whatever, feels bad..

I'm sure in reality there's many reasons this would not be able
to be implemented (CPU load perhaps) but it would atleast do
something more than a "gross hack" that nails some offenders,
not all by any means, and impacts multihomed customers who are
only a portion of the problem that the current prefix filtering
solution does not solve.

as i say, only one transit can aggregate, the other one cant unless they
both assign blocks and one uses nat.. but then it gets ugly and eats up
IPs

Steve


Filter/aggregate as close to origination as possible.

"Be conservative in what you send, and liberal in what you
receive."  Haven't I heard that somewhere before?  (Bonus points
for anyone who can name the RFC without wimping out and using a
search like yours truly alas had to do.)


Eddy

---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist () brics com>, or you are likely to be blocked.



-- 
Stephen J. Wilcox
IP Services Manager, Opal Telecom
http://www.opaltelecom.co.uk/
Tel: 0161 222 2000
Fax: 0161 222 2008


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]