[ On Saturday, January 13, 2001 at 13:25:39 (-0500), Mark Mentovai wrote: ]
Subject: Re: How does one make not playing nice with each other scale? (Was: net.terrorism)
Another potential issue (this is purely theoretical, I'm not referring to any past, present, or future situation in particular) is that providers trying to blackhole a certain site for AUP violations may want to negatively impact reachability as much as possible, rather than purely keeping the offending traffic off their network. These folks wouldn't want to advertise anti-routes because the resulting blackhole avoidance would encourage others to take working alternate paths, which does less harm to the site in question.
Ah ha! Now I think you've put your finger on the *real* problem! :-)
Still, this may be a beneficial, even if little-used, addition. Thoughts?
Well if these "anti-routes" really do have to be manually configured then it's still not really scalable. If their advertisement in the routing protocols could somehow be automated and hard to disable then maybe they'd obviously be of some use.

If the people using such "hidden" null routes are attributing their invisibility to the fact that de-aggregating the block they are within is difficult and/or bad then clearly an "anti-route" advertisement mechanism would be a potential solution to that problem. Whether it makes life any easier on either side of the fence is the question, and no doubt part of the answer depends on whether or not the users of "hidden" null routes (or other forms of transit packet filtering) are in fact willing to advertise (in a routing protocol sense) what they're really doing so that their peers (in a networking sense) can make better decisions about what to do with their traffic.

Clearly a "hidden" null route (or even a real packet filter dropping packets for some subnet) does violate the advertisement of the larger aggregate route, and from what I've seen there are lots of people who are "surprised" (to say the least) to learn that they can't get packets to these null-routed networks via an encompassing route advertised by one of their upstreams.

Packets is packets boyz and goilz, and if you're advertising transit across your borders but not actually providing it then you're most definitely not a very good network neighbour. I.e. policy based routing should be either outlawed for transit providers, or required to be clearly advertised in such a way that network peers can automate their routing decisions based on real-time policy changes within their peer's networks (but perhaps that's another non-operational discussion! :-).

--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>