can someone point me at a URL which defines the "ARIN guidelines" for aggregating or filtering routes?

as arin can not tell isps what to filter, i very much doubt you will find anything like this. randy

you may want to look at http://info.us.bb.verio.net/ but we have discussed this to death before. a number of isps filter old B space on /16 randy

: > it appears there are providers out there that are abiding by the "ARIN : > guidelines" and thereby nuking routes within classical class b space. : [snip] : : It also appears that there are parties who received address delegations : within classical B space and are parceling chunks out, without any : delegation or registration. Without that administrativia, and no clear : customer-vendor relationship in an AS path, how does this behavior look : any different to address hijacking? It doesn't. At the very least, an rwhois server should be hosted by the current authority for the aggregate space, and adverts should be registered with the appropriate routing registry. IMHO, of course. -brian

Looks like they have a routing registry to me: whois -h rr.level3.net 63.211.112.0 % RIPEdb(3.0.0a13) with ISI RPSL extensions route: 63.211.112.0/24 descr: /24 for Wayport POP origin: AS14654 mnt-by: WAYPORT-MNT changed: noc@wayport.net 20000322 source: LEVEL3 Why the bogus route, I don't know. Although this is pretty good: whois -h rr.level3.net 63.0.0.0 % RIPEdb(3.0.0a13) with ISI RPSL extensions route: 63.0.0.0/13 descr: UUNET, An MCI Worldcom Company 3060 Williams Drive Fairfax VA 22031 USA origin: AS701 mnt-by: MAINT-AS701 changed: juzer@UU.NET 19981110 source: RADB In message <Pine.BSF.4.20.0003241745280.511-100000@alive.znep.com>, Marc Slemko writes:

Cute. So, further to this, I noticed that AS3356 (level3.net) was advertising a route for 63/8, on and off. Doesn't seem to be advertised right now, but it comes and goes. Example history entry from a couple of minutes ago:

BGP routing table entry for 63.0.0.0/8, version 5217053 Paths: (14 available, no best path) Not advertised to any peer 10764 5646 1239 3356 3356 3356 (history entry) 206.220.240.223 from 206.220.240.223 (206.220.240.223) Origin IGP, localpref 100, external Dampinfo: penalty 464, flapped 1 times in 00:17:10 5056 3561 3356 (history entry) 167.142.3.6 from 167.142.3.6 (167.142.3.6) Origin IGP, localpref 100, external Dampinfo: penalty 467, flapped 1 times in 00:17:00 267 1225 1325 1673 701 3356 (history entry) 204.42.253.253 from 204.42.253.253 (204.42.253.253) Origin IGP, localpref 100, external Community: 267:1225 1225:80 1225:1325 Dampinfo: penalty 732, flapped 2 times in 00:17:08 1755 1800 1239 3356 3356 3356 (history entry) 192.121.154.25 from 192.121.154.25 (192.121.154.25) Origin IGP, localpref 100, external Dampinfo: penalty 469, flapped 1 times in 00:16:50 293 1800 1239 3356 3356 3356 (history entry) 134.55.24.6 from 134.55.24.6 (134.55.20.229) Origin IGP, localpref 100, external Dampinfo: penalty 458, flapped 1 times in 00:17:24 1849 702 701 3356 (history entry) [...]

Why are they doing this? Who knows, they don't respond to email. But I notice that they are advertising a whole bunch of /24s, /23s, and other sub /20 blocks under 63/8. What a great solution; "hey, people can't reach us because we are advertising bogusly small blocks, so lets just advertise an aggregate for the whole /8 to make sure everyone listens to it". Riiiiiiiiight.

The concept (ie. advertise an aggregate, even if it doesn't go to exactly the right place, then also advertise more specifics; if someone filters the more specifics, the aggregate will serve to get traffic to a network that does listen to the more specifics) does often work as long as your network topography is simple enough, it sure doesn't cut down on route bloat.

Insert standard rant about having a clue before advertising routes, not advertising bogusly small blocks, routing registries, etc.

--- jerry@fc.net Director Network Operations/Network Engineering, Wayport, Inc. 512-519-6193 www.wayport.net 8303 Mopac Expressway Suite A300, Austin Tx.

Isn't that 63.0.0.0-63.7.255.255? Where's the overlap? -ls- Deepak Jain <deepak@ai.net> wrote:

...

whois -h rr.level3.net 63.0.0.0

% RIPEdb(3.0.0a13) with ISI RPSL extensions

route: 63.0.0.0/13 descr: UUNET, An MCI Worldcom Company 3060 Williams Drive Fairfax VA 22031 USA origin: AS701 mnt-by: MAINT-AS701 changed: juzer@UU.NET 19981110 source: RADB

Is there something inherently wrong about this that I am not seeing? Its not like UUNET is in there as 63.0.0.0/8.

Or maybe its late in the week for me to make any sense of routing registry entries.

Thanks,

Deepak Jain AiNET

On Fri, 24 Mar 2000, Marc Slemko wrote:

Why are they doing this? Who knows, they don't respond to email.

Boy wouldn't it be nice if there were agreements in place between everyone to offer timely inter-provider addressment of events such as this rather than being forced to engage in public shamings on Nanog on the off chance that someone from a given provider is reading their mail? Oh well, guess the various governments will have to do it for us.... /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell Earth is a single point of failure. \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/