Ok, I am often outgunned and off target here. But I have to ask this:

1. If filtering is used, as suggested by someone, what happens to the small/mid-sized company that is multi-homed out of an ISP's /20 or larger block? In this case, I can see an ISP with a /20 bust that up to /21s smaller to accommodate this user.
2. Wasn't /24 filtering something that a few large ISPs did a few years ago and everyone complained? I don't have a reference here but I seem to remember some flak about that.
3. What happens in the case of a carrier that has given /24s to a downstream out of different blocks?

I guess the real question is this: If X company can not be reached, how/who would you complain to? And would this be like the RR and AOL email filtering lists where we all complain, and this filtering is an effort by some to force others to clean up their act?

Am I out in Left field?

Jim
On Jan 13, 2004, at 2:35 PM, McBurnett, Jim wrote:
Ok, I am often outgunned and off target here. But I have to ask this: 1. If filtering is used, as suggested by someone, what happens to the small/mid-sized company that is multi-homed out of an ISP's /20 or larger block? In this case, I can see an ISP with a /20 bust that up to /21s smaller to accommodate this user.
For everyone who filters, they will only see the aggregate CIDR and send it to that upstream. For everyone who does not filter, you will get traffic over the "closest" upstream. If the link to the upstream with the aggregate dies, interesting things can happen. Assuming that upstream listens to its own address space, traffic will go:

[Filtering network] -> [CIDR upstream] -> [second upstream]

If the CIDR upstream does not listen to its own announcements, you will lose connectivity from anyone who filters.
2. Wasn't /24 filtering something that a few large ISPs did a few years ago and everyone complained? I don't have a reference here but I seem to remember some flak about that.
Sprint and a few others used to filter on /19s, 'cause that's what ARIN & others handed out. They changed that to /20s when the rules changed. Sprint gave that up. Last time I checked Verio and a Japanese ISP (NTT?) filtered, but not many other people did. Almost everyone filters on /24s - they do not want to see /32s in the global table.
3. What happens in the case of a carrier that has given /24s to a downstream out of different blocks?
If the downstream is single homed, nothing. The /24s should not be in the global table, just the provider's local table. If the downstream is multi-homed, the upstream should try to give out aggregate blocks.
I guess the real question is this:
If X company can not be reached, how/who would you complain to?
Your upstream. You pay them for connectivity, if they cannot provide it, yell at them. Naturally, this does not always work. Joe Random ISP cannot force Verio to change its filtering policies.
And would this be like the RR and AOL email filtering lists where we all complain, and this filtering is an effort by some to force others to clean up their act?
Yes it is. But this is a bit more religious than spam filtering. Then again, so are some spam filters....
Am I out in Left field?
Yes, but aren't we all? :) -- TTFN, patrick
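The behaviour described in the answer to question 1 above, as an added example that is not part of the original thread: a small model of a remote network applying a prefix-length filter and then doing longest-prefix match. The prefixes, the names `upstream-A`/`upstream-B` and the function names are constructed for illustration.

```python
import ipaddress

AGGREGATE = ipaddress.ip_network("198.18.0.0/20")  # constructed: upstream A's block
CUSTOMER = ipaddress.ip_network("198.18.5.0/24")   # constructed: multi-homed customer

def remote_rib(max_len, a_link_up):
    """Routes a remote network keeps after its prefix-length filter."""
    routes = [(AGGREGATE, "upstream-A")]           # A always originates its aggregate
    if a_link_up:
        routes.append((CUSTOMER, "upstream-A"))    # more-specific via A
    routes.append((CUSTOMER, "upstream-B"))        # more-specific via B
    return [(p, nh) for p, nh in routes if p.prefixlen <= max_len]

def path_to_customer(max_len, a_link_up=True, a_accepts_own_space=True,
                     closest="upstream-B"):
    """Hop list from a remote network to the customer, or None if blackholed."""
    addr = CUSTOMER.network_address + 1
    matches = [(p, nh) for p, nh in remote_rib(max_len, a_link_up) if addr in p]
    if not matches:
        return None                                # filter dropped every covering route
    best_len = max(p.prefixlen for p, _ in matches)  # longest-prefix match
    hops = [nh for p, nh in matches if p.prefixlen == best_len]
    first = closest if closest in hops else hops[0]
    if best_len == CUSTOMER.prefixlen:
        return ["remote", first, "customer"]       # more-specific seen: go direct
    # Only the aggregate survived the filter, so traffic lands on upstream A.
    if a_link_up:
        return ["remote", "upstream-A", "customer"]
    if a_accepts_own_space:                        # A hears the /24 back from B
        return ["remote", "upstream-A", "upstream-B", "customer"]
    return None                                    # A ignores its own space: blackhole

if __name__ == "__main__":
    for max_len, up, listens in [(24, True, True), (20, True, True),
                                 (20, False, True), (20, False, False)]:
        print(max_len, up, listens, path_to_customer(max_len, up, listens))
```
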
Sprint and a few others used to filter on /19s, 'cause that's what ARIN & others handed out. They changed that to /20s when the rules changed. Sprint gave that up.
The filtering was done on the /18 because that was what I expected we could easily afford to support in terms of memory and computation, in terms of maximum number of prefixes. The move to /19s was driven by two arguments: firstly, the regional internet registries explained how they would not allocate out half the available /19s within a generation of routing equipment, and secondly, it squelched many of the usual sources of complaint. The deployment of progressive flap-damping further relieved the need to filter on short prefixes, and the subsequent complementary deployment of progressive maximum prefix count limits has essentially eliminated the need to do prefix-length filtering at all. Long prefixes now are simply less reliable than the covering shorter prefixes allocated by the RIRs. Just how unreliable a given prefix is would be difficult to predict, which is a misfeature, but the routing system as a whole is much more robust than it was a decade ago. Unfortunately there has been a macroeconomic cost to the growth of background noise in the Internet -- and the noise is still there -- which has made the Internet as a whole more expensive and less widely available than it ought to be. However, there are much larger contributions of such waste outside the public Internet's routing system that dwarf the cost of the unnecessary demands on router power resulting from poor aggregation, poor hygiene, and poor stabilization practices.
Almost everyone filters on /24s - they do not want to see /32s in the global table.
Why not? I'm curious about why /24s are OK but /32s are not. I suggest that if there is no reason other than a watered down version of the voodoo mentality you've accused me personally of having with respect to long prefixes -- i.e., if you think I'm right about the problem but too aggressive about the limit -- that there is a business opportunity still waiting to be exploited by someone enterprising. With respect to that, for my part I wish I could go back in time and complete the next phase of the filtering, viz. a web page which would accept a credit card number from anyone who wanted to have a particular prefix allowed through the access-list, for a small recurring fee. Live and learn... Sean.
Hi Sean, long time no spar. :) Going to Miami? I'll buy you a drink.
-- TTFN, patrick
On Jan 14, 2004, at 7:14 AM, Sean M.Doran wrote:
Unfortunately there has been a macroeconomic cost to the growth of background noise in the Internet -- and the noise is still there -- which has made the Internet as a whole more expensive and less widely available than it ought to be. However, there are much larger contributions of such waste outside the public Internet's routing system that dwarf the cost of the unnecessary demands on router power resulting from poor aggregation, poor hygiene, and poor stabilization practices.
Interestingly, the main reason I wanted to stop filtering on /18|/19|/20 filtering is precisely the thing you say is hurt by lack of filtering - availability. A small ISP who wants two upstreams but did not have the customers to support a /19 back in the day was forced to deal with partial connectivity from one of their upstreams. Today anyone can have robust connectivity, no matter how small their network, even if they are not an ISP. I believe this has helped the Internet, not hurt it. If everyone but major backbones were forced to be single homed, I doubt the 'Net would be where it is today. [Guess I should start reading my multi6 folder if I don't wanna go through this again in a few years, huh? :-]
Almost everyone filters on /24s - they do not want to see /32s in the global table.
Why not? I'm curious about why /24s are OK but /32s are not.
Because that is where the Internet decided the break point should be - small enough to not upset people handing them out, but large enough to not have too many in the global table. If ISPs were handing out /26s to people who wanted to multi-home, that is where the break point would be. To be honest, I suspect it had more to do with inertia than a well-thought-out-plan. Lots of people had "Class Cs", so it just stuck. But the fact remains that anyone who wants to multi-home can get a /24, so the table only has to support /24s.
I suggest that if there is no reason other than a watered down version of the voodoo mentality you've accused me personally of having with respect to long prefixes -- i.e., if you think I'm right about the problem but too aggressive about the limit -- that there is a business opportunity still waiting to be exploited by someone enterprising.
Interesting way of putting it. Yes, I think some level of filtering needs to be done, and yes I think you were too aggressive. Neither of these are secrets to anyone who's been on the 'Net for a few years. But how we came to our decisions are very different. Is there a business opportunity? Maybe. Personally I think the time has passed. The Internet is a commodity, trying to put on unneeded expenses or restricting access only loses you customers and therefore money. But I could be wrong, try setting up your idea and prove me wrong by getting rich off it.
With respect to that, for my part I wish I could go back in time and complete the next phase of the filtering, viz. a web page which would accept a credit card number from anyone who wanted to have a particular prefix allowed through the access-list, for a small recurring fee.
The problem with your idea is it requires collusion. The only way to get it to work is to guarantee that everyone does it, no one breaks ranks. Otherwise when you set up your web page, everyone else says "we'll do it for free", and then you're out of biz. :) -- TTFN, patrick
1. If filtering is used, as suggested by someone, what happens to the small/mid-sized company that is multi-homed out of an ISP's /20 or larger block? In this case, I can see an ISP with a /20 bust that up to /21s smaller to accommodate this user. 2. Wasn't /24 filtering something that a few large ISPs did a few years ago and everyone complained? I don't have a reference here but I seem to remember some flak about that.
Both of these points are why filtering is not a good solution, you just don't know what those netblocks are that you are missing, it needs to be controlled by the ISPs themselves.
3. What happens in the case of a carrier that has given /24s to a downstream out of different blocks?
This is not imho unnecessary deaggregation and not a problem, however where possible the blocks should be contiguous and aggregatable (unlikely), and don't forget each block should be given on the basis that it will last the downstream quite a long time so that over a few years the downstream only accumulates a couple blocks anyhow.
I guess the real question is this:
If X company can not be reached, how/who would you complain to?
If you are company X then it's your fault and you should see where you went wrong! If you have a /26 that you're trying to route but no one is accepting it then consider that maybe you aren't justifying your being an ISP..
And would this be like the RR and AOL email filtering lists where we all complain, and this filtering is an effort by some to force others to clean up their act?
Yeah kinda, same but different.. :) Steve
Am I out in Left field?
Jim
participants (4): McBurnett, Jim; Patrick W.Gilmore; Sean M.Doran; Stephen J. Wilcox