I really don't see any harm with this experiment especially considering that the first AS Number on the AS_PATH will be the correct AS-PATH from which the two prefixes should be originated from. Clear whatever ASN that follows after that wouldn't matter as the internet will always forward traffic for those prefixes to the correct ASN, perhaps the question to the research team is how will the routers that within your ASN be configured to route those two ASN once traffic comes back to you? Regards Paschal Masha | Engineering Skype ID: paschal.masha ----- Original Message ----- From: "Tom Beecher" <beecher@beecher.cc> To: "Lars Prehn" <lprehn@mpi-inf.mpg.de> Cc: "nanog" <nanog@nanog.org> Sent: Monday, May 2, 2022 9:40:53 PM Subject: Re: Announcement of Experiments Short Disclaimer: I frequently use the PEERING testbed myself, so I'm genuinely interested in where and why people draw the boundary of what's fine and what's not. Fine : Experimentation. Not fine : Experimentation with number or ASN resources that are not yours without prior permission. The operations and engineering staff at my company should not have to trace down why one of our ASNs is suddenly announcing space that is not ours , and that is coming from a network that isn't under our control. On Mon, May 2, 2022 at 2:07 PM Lars Prehn < [ mailto:lprehn@mpi-inf.mpg.de | lprehn@mpi-inf.mpg.de ] > wrote: BQ_BEGIN Short Disclaimer: I frequently use the PEERING testbed myself, so I'm genuinely interested in where and why people draw the boundary of what's fine and what's not. Iirc., the route collectors see a (drastically varying) number of poisoned routes (assuming everything within a loop is poisoning) in the DFZ at any point in time, affecting a (drastically varying) number of ASNs, prefixes, and paths. So why would you expect this experiment to be noticeable at all---I mean, compared to the day-to-day, "1% of the Internet is beyond broken and does Yolo things" noise? Very similar experiments have run in the past (e.g., [1] in 2018); did you notice them? Would poisoning be tolerated if the PEERING testbed would be, e.g., some security-obsessed org that wants to avoid that your infrastructure touches any of its precious packets during the forwarding process? I guess what I want to figure out is: Is it the intention behind the poisoning experiments that bothers people or is the act of poisoning itself? Kind regards, Lars [1] [ https://arxiv.org/pdf/1811.03716.pdf | https://arxiv.org/pdf/1811.03716.pdf ] On 02.05.22 16:33, Raymond Dijkxhoorn via NANOG wrote:
Hi!
If I am interpreting this correctly that you are just going to yolo a bunch of random ASNs to poison paths with, perhaps you should consider getting explicit permission for the ASNs you want to use instead.
A lot of operators monitor the DFZ for prefixes with their ASN in the path, and wouldn't appreciate random support tickets because their NOC got some alert. :)
Exatly that. How about you ask people to OPT-IN instead of you wanting people to OPT-OUT of whatever experiment you feel you need to do with other people's resources.
When you the last time you asked the entire internet?s permission to announce routes ?
I dont exactly understand what you try to say its not about the route its about the path.
If the insert 'my ASN' i certainly will complain wherever i can and no i will not opt out from that. I will assume they just do use my ASN. Weird thought?
Bye, Raymond
BQ_END