RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
I've had similar problem at SpeakEasy. They still don't have a reverse-DNS clue. http://www.mhsc.com/recovery.htm None of the DSL ISPs can do larger than /27 anymore, even when they're ILECs. Anything less than a /24 can't be SWIP'd and if you don't control your in-addr.arpa entries you don't control your domain and have no security.
From: John Palmer (NANOG Acct) [mailto:nanog@adns.net] Sent: Sunday, May 13, 2001 1:40 PM
<FLAME ON>
PSINet dumped all of their DSL customers onto CAIS. Covad is the backhaul provider for them both. Need I say more?
Bottom line, I dont know how many thousands of people were without service for more than a day because the whole transfer was botched.
We have a situation where we had a DSL connection from PSI and were using our own IP addresses. Problem is that no one changed the routing tables and the packets dead-ended at PSI.
Getting CAIS to fix this problem has been a nightmare. At first, PSI didnt stop announcing the routes and now that they have, it seems that CAIS will not announce the routes till Monday becuase "no one at our NOC knows how to do this and the one guy (ONE GUY IN THE WHOLE COMPANY - AND THEY ARE A NATIONWIDE PROVIDER????) who knows how doesn't work weekends."
<flame off - sorry to the list for being so loud>
* Roeland Meyer <rmeyer@mhsc.com> [20010513 13:45]:
None of the DSL ISPs can do larger than /27 anymore, even when they're ILECs.
What does being an ILEC have to do with layer 3 routing? 'sides there are plenty of DSL ISPs that offer larger than a /27. Heck, I count some of them among my clients who consist primarily of smaller regional players. If you are looking for more major player examples that offer larger IP blocks: * MegaPath <URL:http://www.megapath.net/> (see Support -> IP Request Form) * PacBell/SBC <URL:http://public.pacbell.net/dedicated/dsl/dsl_business.html> How hard have you looked, Roeland?
Anything less than a /24 can't be SWIP'd and if you don't control your in-addr.arpa entries you don't control your domain and have no security.
This is FUD. For example, look up "63.201.8.120". That sure looks like a /29 to me. Hell, that's even being done by an ILEC owned ISP. :-) In fact, ARIN (and other regional registries have similar policies) encourage SWIP reassignments for anything up to and including /29. An NSP who has to justify its requests for IP space (read: any) knows how much easier and quicker the process is made when they have everything SWIP'd already. <URL:ftp://ftp.arin.net/pub/swip/swipinstruction.txt> As to controlling your reverse delegation, if your IP block is less than a /24 how often do you _really_ need to change your reverse? If the answer is not often you are losing nothing by having your upstream handle it for you. If you still want control of it, convince your upstream to implement RFC2317 (if they haven't already): <URL:http://www.rfc-editor.org/rfc/rfc2317.txt> As to trusting reverse nameservice records for security, well, that's your choice not mine.. -jr ---- Josh Richards <jrichard@{ geekresearch.com, cubicle.net }> [JTR38/JR539-ARIN] Geek Research, LLC - San Luis Obispo, CA - <URL:http://www.geekresearch.com/> KG6CYK - IP/Unix/telecom/knowledge/coffee/security/crypto/business/geek
Actually, ARIN mandates that any ISP MUST SWiP any block shorter than /28. Perhaps they just don't want to take the time to change the reverse dns servers in your SWiP templates, and/or they don't want to have to deal with adding cname records for all of your ip's in their in-addr zones. I can't even get INAP to give me direct control over my /20 because my blocks are a part of their larger blocks, and it's too difficult for them (so they say) to edit their bind servers. It seems apparent that rdns is not an important issue to ISP's nowadays. To be honest, it's not important to mine either. We won't give someone control of their reverse dns. It's too time consuming and resource intensive to handle for hundreds of clients. I think few people realize the limited bottom line involved in running a DSL ISP. There isn't much room to spend 20 minutes setting up some guy's rdns zones when you're not even making a profit off of his line. :) We all want to keep clients happy, but there must be a limit. Hunter Pine Vice President, Network Operations hunter@compuhelp.com ----- Original Message ----- From: "Roeland Meyer" <rmeyer@mhsc.com> To: <nanog@nanog.org> Sent: Sunday, May 13, 2001 5:20 PM Subject: RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
I've had similar problem at SpeakEasy. They still don't have a reverse-DNS clue.
http://www.mhsc.com/recovery.htm
None of the DSL ISPs can do larger than /27 anymore, even when they're ILECs. Anything less than a /24 can't be SWIP'd and if you don't control your in-addr.arpa entries you don't control your domain and have no security.
From: John Palmer (NANOG Acct) [mailto:nanog@adns.net] Sent: Sunday, May 13, 2001 1:40 PM
<FLAME ON>
PSINet dumped all of their DSL customers onto CAIS. Covad is the backhaul provider for them both. Need I say more?
Bottom line, I dont know how many thousands of people were without service for more than a day because the whole transfer was botched.
We have a situation where we had a DSL connection from PSI and were using our own IP addresses. Problem is that no one changed the routing tables and the packets dead-ended at PSI.
Getting CAIS to fix this problem has been a nightmare. At first, PSI didnt stop announcing the routes and now that they have, it seems that CAIS will not announce the routes till Monday becuase "no one at our NOC knows how to do this and the one guy (ONE GUY IN THE WHOLE COMPANY - AND THEY ARE A NATIONWIDE PROVIDER????) who knows how doesn't work weekends."
<flame off - sorry to the list for being so loud>
Correction, any block shorter than a /29, not a /28 must be SWiPed if you ever want another IP block from ARIN again. :) ----- Original Message ----- From: "Hunter Pine" <hunter@compuhelp.com> To: <nanog@nanog.org> Sent: Sunday, May 13, 2001 7:26 PM Subject: Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
Actually, ARIN mandates that any ISP MUST SWiP any block shorter than /28. Perhaps they just don't want to take the time to change the reverse dns servers in your SWiP templates, and/or they don't want to have to deal
with
adding cname records for all of your ip's in their in-addr zones. I can't even get INAP to give me direct control over my /20 because my blocks are a part of their larger blocks, and it's too difficult for them (so they say) to edit their bind servers.
It seems apparent that rdns is not an important issue to ISP's nowadays. To be honest, it's not important to mine either. We won't give someone control of their reverse dns. It's too time consuming and resource intensive to handle for hundreds of clients. I think few people realize the limited bottom line involved in running a DSL ISP. There isn't much room to spend 20 minutes setting up some guy's rdns zones when you're not even making a profit off of his line. :)
We all want to keep clients happy, but there must be a limit.
Hunter Pine Vice President, Network Operations hunter@compuhelp.com
----- Original Message ----- From: "Roeland Meyer" <rmeyer@mhsc.com> To: <nanog@nanog.org> Sent: Sunday, May 13, 2001 5:20 PM Subject: RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
I've had similar problem at SpeakEasy. They still don't have a
reverse-DNS
clue.
http://www.mhsc.com/recovery.htm
None of the DSL ISPs can do larger than /27 anymore, even when they're ILECs. Anything less than a /24 can't be SWIP'd and if you don't control your in-addr.arpa entries you don't control your domain and have no security.
From: John Palmer (NANOG Acct) [mailto:nanog@adns.net] Sent: Sunday, May 13, 2001 1:40 PM
<FLAME ON>
PSINet dumped all of their DSL customers onto CAIS. Covad is the backhaul provider for them both. Need I say more?
Bottom line, I dont know how many thousands of people were without service for more than a day because the whole transfer was botched.
We have a situation where we had a DSL connection from PSI and were using our own IP addresses. Problem is that no one changed the routing tables and the packets dead-ended at PSI.
Getting CAIS to fix this problem has been a nightmare. At first, PSI didnt stop announcing the routes and now that they have, it seems that CAIS will not announce the routes till Monday becuase "no one at our NOC knows how to do this and the one guy (ONE GUY IN THE WHOLE COMPANY - AND THEY ARE A NATIONWIDE PROVIDER????) who knows how doesn't work weekends."
<flame off - sorry to the list for being so loud>
participants (3)
-
Hunter Pine -
Josh Richards -
Roeland Meyer