Hmm. From a coding point of view you are certainly correct. From a troubleshooting POV, prefix lists are superior, because it is much easier to tell, at a glance, what the ACL is supposed to do, particularly for less experienced engineers. This is a significant advantage. However, it can be a big project to convert a large, installed base of extended ACLs to prefix-list ACLs, so that might be why Genu has held off. Even with a script or other tool, there is still a chance for some customer downtime.

As far as requiring exact ACLs, rather than allowing "greater than or equal to" type ACLs - there are a couple good reasons for this. One is, to ensure maximum route aggregation by your customers, and potentially prevent serious deaggregations. This may also help with troubleshooting. Of course, it's less convenient for customers, and requires more interaction and changing of ACLs, which can cause downtime.

I suspect the best practice, at this point, is autogeneration of ACLs using IRR database entries, and tools like RTConfig or their homegrown equivalent.

- Daniel Golding

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Martin, Christian
Sent: Friday, April 12, 2002 2:31 PM
To: 'neil@DOMINO.ORG'; garlic@garlic.com
Cc: matthew@velvet.org; nanog@merit.edu
Subject: RE: genuity - any good?
I think the argument is not about route filtering - it is the implementation method.
Genuity uses ip extended access-lists.
Everyone else uses prefix-lists.
To a purist, the former is more granular, but performs poorly because it is a linked list implementation. The latter, while less granular, performs faster by using a trie. It also allows insertion without list rebuilding. Does this matter much? I'm sure there are some that have tested convergence between the two technologies, so I'd welcome comments out of curiosity.
They are somewhat anal with their lists as well. If you have a /19, but you want to deaggregate for inbound BGP TE, you will need to send them EVERY route you will send. That can be 64 subnets. For a /16, it is waaayyy worse. Then again, it allows them to know exactly how many prefixes MAY be announced from their customers, which I suppose has its merits.
chris
-----Original Message-----
From: neil@DOMINO.ORG [mailto:neil@DOMINO.ORG]
Sent: Friday, April 12, 2002 2:08 PM
To: garlic@garlic.com
Cc: matthew@velvet.org; nanog@merit.edu
Subject: Re: genuity - any good?

1) Their BGP policies are not as good as others. They force you to register each route you want to advertise rather than allowing you to advertise any reasonable route for your prefixes. According to one of their top people, prefix-lists were unreliable new technology. We gave up and canceled the circuit.
Man I don't know of a provider that doesn't do this - but the fact is this is a good thing.
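
The filtering policies debated in this thread (exact-match registration of every route versus a single "greater than or equal to" style entry), as an added example that is not part of any poster's message or any provider's configuration. It assumes Cisco-style ge/le prefix-list semantics; the 10.32.0.0/19 allocation and the helper names are constructed for illustration.

```python
import ipaddress

ALLOCATION = "10.32.0.0/19"  # constructed customer allocation, not from the thread

def entry(prefix, ge=None, le=None):
    """Build one permit entry using Cisco-style ge/le semantics (assumed here).

    No ge/le means the route's length must equal the entry's length exactly.
    """
    net = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        lo = hi = net.prefixlen
    else:
        lo = net.prefixlen if ge is None else ge
        hi = net.max_prefixlen if le is None else le
    return net, lo, hi

def permits(entries, route):
    """Return True if any entry permits the route; otherwise implicit deny.

    Linear scan for readability; per the thread, router prefix-lists use a trie.
    """
    r = ipaddress.ip_network(route)
    for net, lo, hi in entries:
        if r.version == net.version and lo <= r.prefixlen <= hi and r.subnet_of(net):
            return True
    return False

def exact_entries(allocation, longest):
    """Every exact entry needed to allow deaggregation down to /longest."""
    net = ipaddress.ip_network(allocation)
    return [entry(str(sub))
            for length in range(net.prefixlen, longest + 1)
            for sub in net.subnets(new_prefix=length)]

if __name__ == "__main__":
    aggregate_only = [entry(ALLOCATION)]        # exact match on the /19 only
    ranged = [entry(ALLOCATION, le=24)]         # one entry: /19 through /24
    registered = exact_entries(ALLOCATION, 24)  # one entry per announceable route
    for route in ("10.32.0.0/19", "10.32.4.0/24", "10.32.4.0/25", "10.64.0.0/24"):
        print(route, permits(aggregate_only, route),
              permits(ranged, route), permits(registered, route))
    print("exact entries required:", len(registered))
```

The exact-match list gives the provider a fixed upper bound on what a customer may announce, at the cost of one registered entry per route; the ranged entry accepts any deaggregation inside the allocation down to the length limit.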