Re: How Not to Multihome
--- Keegan.Holley@sungard.com wrote:
I have a client that wants us to advertise an IP block assigned by another ISP. I know that the best practice is to have them request an AS number from ARIN and peer with us, etc. However, I cannot find any information that states as law. Does anyone know of a document or RFC that states this?
----------------------------------------

There is no law. ;) Also, you can advertise the other provider's block given to your prospective customer as long as you work with that provider on how to do it. However, if it's less than a /24 it won't get very far as most upstreams block prefixes longer than a /24.

scott

Hi,

On Oct 8, 2007, at 2:48 PM, Scott Weeks wrote:
However, if it's less than a /24 it won't get very far as most upstreams block prefixes longer than a /24.
I'm curious: a couple of people have indicated they do not believe this to be the case. Anybody have any hard data on what filters are actually in use today?

Others have indicated that such filters (assuming they exist) will not last in the face of paying customers presenting longer than /24 prefixes for routing. Specifically, that ISPs will relax their filters (allowing longer than /24) in order to get their peers to accept their long prefixes. Anybody have an opinion on the likelihood of this?

Thanks,
-drc
On Mon, 8 Oct 2007 16:06:52 -0700 David Conrad <drc@virtualized.org> wrote:
Hi,
On Oct 8, 2007, at 2:48 PM, Scott Weeks wrote:
However, if it's less than a /24 it won't get very far as most upstreams block prefixes longer than a /24.
I'm curious: a couple of people have indicated they do not believe this to be the case. Anybody have any hard data on what filters are actually in use today?
That's a good question. http://www.nanog.org/mtg-0105/prefix.html says what was in use 6.5 years ago; it would be good to look at newer data.
Others have indicated that such filters (assuming they exist) will not last in the face of paying customers presenting longer than /24 prefixes for routing. Specifically, that ISPs will relax their filters (allowing longer than /24) in order to get their peers to accept their long prefixes. Anybody have an opinion on the likelihood of this?
The traditional answer has been "paying whom?" A given ISP's customers might pay it to announce their routes; *maybe* they'll have bilateral agreements with some of their peers to carry each other's longer routes. But what about the next hop?

Put another way, there's been a lot of discussion -- pardon me, a *FLEEPING LOT of DISCUSSION* -- on this list lately about how lots of folks need to upgrade line cards and/or IOS and/or routers to keep up with the growth of the routing table. If the growth is due to long prefixes, who pays? Again, it's (relatively) easy to charge your own customers.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
On Mon, 8 Oct 2007, David Conrad wrote:
Others have indicated that such filters (assuming they exist) will not last in the face of paying customers presenting longer than /24 prefixes for routing. Specifically, that ISPs will relax their filters (allowing longer than /24) in order to get their peers to accept their long prefixes. Anybody have an opinion on the likelihood of this?
The only exceptions I've seen to the /24 policy are when the customer in question multihomes to the same upstream - sometimes done with a specific AS designated for that purpose, i.e. what UUNET does with AS7046. Those routes are then aggregated into that provider's parent block(s).

As far as allowing prefixes longer than a /24, that decision was made when the Internet was considerably smaller than it is now, and many networks adopted /24 as the cutoff point. If you make the cutoff point smaller, what is the new point... /26? /32?

Many networks see customers multi-homing as pretty easy justification to provide them with a /24 of PA space, even if they're small enough that justifying a /24 while single-homed wouldn't work.

jms
On Mon, 8 Oct 2007, Justin M. Streiner wrote:
As far as allowing prefixes longer than a /24, that decision was made when the Internet was considerably smaller than it is now, and many networks adopted /24 as the cutoff point. If you make the cutoff point smaller, what is the new point... /26? /32?
Anything longer than /24 is unlikely to propagate far on the internet. You can all check your filters to see. I just checked mine, and neither Level3 nor Time Warner has tried to send me anything longer than /24 in recent history. If they did, it'd show up as hits on a distribute-list deny rule.

Rather than ISPs relaxing filters, you're likely to see them get more strict, filtering shorter prefixes, when routers start falling over in the next few months.
Many networks see customers multi-homing as pretty easy justification to provide them with a /24 of PA space, even if they're small enough that justifying a /24 while single-homed wouldn't work.
This is actually in the ARIN "rules". Multihoming is justification (regardless of utilization) for one of the multihomed network's providers to assign them a /24.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Mon, 8 Oct 2007, Jon Lewis wrote:
adopted /24 as the cutoff point. If you make the cutoff point smaller, what is the new point... /26? /32?
Anything longer than /24 is unlikely to propagate far on the internet. You can all check your filters to see. I just checked mine, and neither Level3 nor Time Warner has tried to send me anything longer than /24 in recent history. If they did, it'd show up as hits on a distribute-list deny rule.
I realize that - I was posing a rhetorical question to the previous poster :)
This is actually in the ARIN "rules". Multihoming is justification (regardless of utilization) for one of the multihomed network's providers to assign them a /24.
Been down that road a few times too, both as a provider and a customer.

jms

Hi,

On Oct 8, 2007, at 6:28 PM, Justin M. Streiner wrote:
On Mon, 8 Oct 2007, Jon Lewis wrote:
adopted /24 as the cutoff point. If you make the cutoff point smaller, what is the new point... /26? /32?
Presumably the fear is there being no limitation, that is, /32.
Anything longer than /24 is unlikely to propagate far on the internet.
Pedantically speaking, there ain't no such thing as "the internet". There are a series of interconnected private IP based networks, each with their own policy about what they'll transmit and accept in terms of routing updates. What one ISP accepts and propagates is not necessarily what the next ISP accepts and propagates. What I'm trying to understand is whether there is a sufficient critical mass to define a consensus maximal prefix among those interconnected networks.
You can all check your filters to see. I just checked mine, and neither Level3 nor Time Warner has tried to send me anything longer than /24 in recent history. If they did, it'd show up as hits on a distribute-list deny rule.
I realize that - I was posing a rhetorical question to the previous poster :)
The argument, as I understand it (and those who argue this direction feel free to correct me if I misstate), is that as the IPv4 free pool exhausts, there will be a natural pressure to increase address utilization efficiency. This will likely mean longer prefixes will begin to be put (back) into use, either from assignments and allocations that were "rediscovered" or from unused portions of shorter prefixes. Customers will approach ISPs to get these long prefixes routed, shopping through ISPs until they find one that will accept their money and propagate the long prefix.

Now, of course announcing a route doesn't mean anyone will accept it, but as I understand the theory, larger ISPs will agree to accept and propagate longer prefixes from other larger ISPs if those other ISPs will be willing to accept and propagate transmitted long prefixes ("scratch my back and I'll scratch yours"), particularly if this encourages the smaller ISPs to 'look for other employment opportunities' when they can't afford the router upgrades.

Personally, I fully expect the first part to happen. Where I'm having trouble is the second part (the accepting longer prefixes part). However, a few prominent members of the Internet operations community whom I respect have argued strongly that this is going to happen. I thought I'd ask around to see what other folk think...

If people feel uncomfortable publicly stating their filter policy is, I'd be happy to summarize responses sent to me directly, keeping individual responses confidential.

Regards,
-drc
On Oct 8, 2007, at 10:28 PM, David Conrad wrote:
The argument, as I understand it (and those who argue this direction feel free to correct me if I misstate), is that as the IPv4 free pool exhausts, there will be a natural pressure to increase address utilization efficiency. This will likely mean longer prefixes will begin to be put (back) into use, either from assignments and allocations that were "rediscovered" or from unused portions of shorter prefixes. Customers will approach ISPs to get these long prefixes routed, shopping through ISPs until they find one that will accept their money and propagate the long prefix.
Now, of course announcing a route doesn't mean anyone will accept it, but as I understand the theory, larger ISPs will agree to accept and propagate longer prefixes from other larger ISPs if those other ISPs will be willing to accept and propagate transmitted long prefixes ("scratch my back and I'll scratch yours"), particularly if this encourages the smaller ISPs to 'look for other employment opportunities' when they can't afford the router upgrades.
We know this is not the case from history. For instance, look at Sprint & ACL112. Also, we know from history that smaller ISPs sometimes are better able to do router upgrades than large ones.
Personally, I fully expect the first part to happen. Where I'm having trouble is the second part (the accepting longer prefixes part). However, a few prominent members of the Internet operations community whom I respect have argued strongly that this is going to happen. I thought I'd ask around to see what other folk think...
I'd bet against the first part happening, so the second part is moot.

--
TTFN,
patrick
owner-nanog@merit.edu wrote on 10/08/2007 10:28:37 PM:
Hi,
On Oct 8, 2007, at 6:28 PM, Justin M. Streiner wrote:
On Mon, 8 Oct 2007, Jon Lewis wrote:
adopted /24 as the cutoff point. If you make the cutoff point smaller, what is the new point... /26? /32?
Presumably the fear is there being no limitation, that is, /32.
Anything longer than /24 is unlikely to propagate far on the internet.
Pedantically speaking, there ain't no such thing as "the internet".
There ain't no such thing as ain't but somehow that term has been proliferated as well. (less pedantic)
There are a series of interconnected private IP based networks, each with their own policy about what they'll transmit and accept in terms of routing updates. What one ISP accepts and propagates is not necessarily what the next ISP accepts and propagates.
Unfortunately that also goes for the customers of that ISP. So if one of the Tier I's decides not to accept my public /29 then the millions of singlehomed subscribers go with it. The idea of random AS's accepting and blocking a prefix scares the hell out of me. It's right under the idea of some director calling me into his office because some customer can't get to AOL subscribers and their NOC told us to beat it when we called and asked for the filters to be updated.
What I'm trying to understand is whether there is a sufficient critical mass to define a consensus maximal prefix among those interconnected networks.
You can all check your filters to see. I just checked mine, and neither Level3 nor Time Warner has tried to send me anything longer than /24 in recent history. If they did, it'd show up as hits on a distribute-list deny rule.
I realize that - I was posing a rhetorical question to the previous poster :)
The argument, as I understand it (and those who argue this direction feel free to correct me if I misstate), is that as the IPv4 free pool exhausts, there will be a natural pressure to increase address utilization efficiency. This will likely mean longer prefixes will begin to be put (back) into use, either from assignments and allocations that were "rediscovered" or from unused portions of shorter prefixes. Customers will approach ISPs to get these long prefixes routed, shopping through ISPs until they find one that will accept their money and propagate the long prefix.
Not if their engineering staff possess the gift of clue.. (See above)
Now, of course announcing a route doesn't mean anyone will accept it, but as I understand the theory, larger ISPs will agree to accept and propagate longer prefixes from other larger ISPs if those other ISPs will be willing to accept and propagate transmitted long prefixes ("scratch my back and I'll scratch yours"), particularly if this encourages the smaller ISPs to 'look for other employment opportunities' when they can't afford the router upgrades.
Personally, I fully expect the first part to happen. Where I'm having trouble is the second part (the accepting longer prefixes part). However, a few prominent members of the Internet operations community whom I respect have argued strongly that this is going to happen. I thought I'd ask around to see what other folk think...
The DOD aside even if some of the larger ISP's are bribed into accepting the smaller blocks. There are still some unanswered questions. First there is no way to force every AS to accept the routes, so some medium sized transit AS will respond with "not until ARIN makes us" and the long networks will have no reachability to the subscribers of that AS. Also, where do you stop? /26 /30? The biggest argument against the short prefixes is stability. Just imagine the route churn if I start advertising a /30 for some metro E link to China and then it starts flapping. If this isn't enough picture 20 such links or 2000. Fiber cut anyone? Or if this is too unrealistic how about a random /27 owned by some colo customer whose router is flapping constantly. IMHO this is one instance where Pandora's box should remain closed.
If people feel uncomfortable publicly stating their filter policy is,
Does anyone know how to write over my router in RPSL?
I'd be happy to summarize responses sent to me directly, keeping individual responses confidential.
Regards, -drc
--- Keegan.Holley@sungard.com wrote:
So if one of the Tier I's decides not to accept my public /29 then the millions of singlehomed subscribers go with it.
Yep. During normal operation, someone would be announcing the aggregate out of which your /29 is carved, and that provider should be someone you're paying to carry the more-specific. Traffic will get to you in that case. If your circuit to that provider goes down, then the other customers of your other provider will be able to reach you, but the peers and suppliers of your other provider would likely not.

The easiest way to multihome in a way which mostly works (tm) is to get an ASN and self-originate a prefix which is /24 or larger. As of right now, multihoming is a justification for a /24 and an ASN, so multihoming in a different way should be something which is done for a specific reason, or to solve a particular problem. Yes, yes, there are multiple other ways to do this, but their failure modes might not be as easy for your providers to help you troubleshoot as BGP is.

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
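The failure mode described in the last message above, worked through as an added example (not part of the original thread): a /29 carved from provider A's block is also announced through a second provider B, and remote networks either filter at /24 or, as B's own customers, see the more-specific. The addresses, the names A and B, and the assumption that A itself drops the /29 learned from B are constructed for illustration.

```python
import ipaddress

# Constructed addresses from documentation space; "A" and "B" are the two upstreams.
AGGREGATE = ipaddress.ip_network("203.0.113.0/24")  # block provider A originates
SPECIFIC = ipaddress.ip_network("203.0.113.8/29")   # customer's slice, announced via B
HOST = ipaddress.ip_address("203.0.113.10")         # a host inside the /29

def accepted(routes, max_len):
    """Import filter: drop any prefix longer than max_len."""
    return [r for r in routes if r[0].prefixlen <= max_len]

def best_route(rib, dest):
    """Longest-prefix match; returns (prefix, provider) or None."""
    covering = [r for r in rib if dest in r[0]]
    return max(covering, key=lambda r: r[0].prefixlen, default=None)

def outcome(viewer_max_len, link_a_up):
    """Fate of a packet to HOST as seen from one remote network.

    viewer_max_len: longest prefix that network accepts (24 for a filtering
                    peer, 32 for a customer of B that hears the /29).
    link_a_up:      state of the customer's circuit to provider A.
    """
    offered = [(AGGREGATE, "A"),  # A originates the aggregate regardless
               (SPECIFIC, "B")]   # B carries the more-specific for its customer
    route = best_route(accepted(offered, viewer_max_len), HOST)
    if route is None:
        return "no route"
    prefix, provider = route
    if provider == "B":
        return f"delivered via B using {prefix}"
    # Traffic that follows the aggregate lands on A. Assumption: A filters
    # the /29 from B as well, so A has no backup path when its circuit is down.
    if link_a_up:
        return f"delivered via A using {prefix}"
    return f"dropped at A using {prefix}"

def scenarios():
    """All four combinations of viewer filter and circuit state."""
    viewers = {"peer filtering at /24": 24, "customer of B": 32}
    return {(name, up): outcome(max_len, up)
            for name, max_len in viewers.items() for up in (True, False)}

if __name__ == "__main__":
    for (name, up), result in scenarios().items():
        print(f"{name:22} link to A {'up' if up else 'down':4} -> {result}")
```

The filtering peer never sees the /29, so it keeps sending traffic toward A's aggregate even after the customer's circuit to A fails; only networks that accept the more-specific fail over to B.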
participants (8)
- David Barak
- David Conrad
- Jon Lewis
- Justin M. Streiner
- Keegan.Holley@sungard.com
- Patrick W. Gilmore
- Scott Weeks
- Steven M. Bellovin