Re: Policy Statement on Address Space Allocations
Then, some of you will ask how to enforce this. Once every so often, you dump the BGP routing tables from strategic routers. If you see any non-matching prefixes, you send an email to the network coordinator for the allocated block giving them a set amount of time to clean it up. Any routes which are not cleaned up by the deadline are added to a filter list which could be carried on routers.
Sorry, *who* gets to play the net politzai? Registries have no control over service providers, and service providers have insufficient human resources to do that (and most won't do that anyway). Note that updating exterior policy filters by a large ISP involves carefully planned and timed update on some dozen-odd routers, so it is not done often, and certainly won't be done just to punish some clueless luser. We'll be back shortly after the expected RA advertisement break... --vadim Not speaking for Sprint.
Sorry, *who* gets to play the net politzai? Well, I think someone who has considerable experience with a totalitarian regime and a secret police state would be appropriate, wouldn't you, Vadim? ;-) Tony
On Fri, 26 Jan 1996, Vadim Antonov wrote:
Then, some of you will ask how to enforce this. Once every so often, you dump the BGP routing tables from strategic routers. If you see any non-matching prefixes, you send an email to the network coordinator for the allocated block giving them a set amount of time to clean it up. Any routes which are not cleaned up by the deadline are added to a filter list which could be carried on routers.
Sorry, *who* gets to play the net politzai? Registries have no control over service providers, and service providers have insufficient human resources to do that (and most won't do that anyway).
Note that updating exterior policy filters by a large ISP involves carefully planned and timed update on some dozen-odd routers, so it is not done often, and certainly won't be done just to punish some clueless luser.
Is there some other method which would be as effective to destroy a specific net's connectivity to the majority of the net? A few come to mind right now: 1) ip route <luser's address & mask> null0 - has the disadvantage of adding an entry to the routing table, and might cause other problems if static routes are redistributed into BGP in some fashion. 2) ip filtering: - Probably uses more CPU than #1, but doesn't screw with the routing tables. 3) Something else? Remember, the goal here is to get the registry to limit the number of blocks allocated. Then, provide a method to require those blocks to remain in one piece. I doubt that many people are going to not react to a note such as the following: (maybe a little less technical) According to our records, you were allocated a block of 64 addresses, otherwise known as an /18 block. When this was allocated, you were informed that you MUST announce this block to the internet in a single route. In the automatic scan of the routing table which took place on 01/01/1996, routes to the networks listed below were discovered in at least one backbone router: 208.128.128.0/18 208.128.132.0/24 If the entries for any block(s) smaller than the original /18 allocation do not dissapear by 2/1/1996, the smaller block(s) will cease to function on the net for a period of 30 days or longer. This will be accomplished through one of several means, including filtering the addresses on the backbone routers, etc. Thank you. I doubt you're going to need to add many filters :) As far as who will run the programs to check for this, I'm sure that a suitable home for the tools necessary could be found. -forrest
Ahem, ] Remember, the goal here is to get the registry to limit the number ] of blocks allocated. Then, provide a method to require those ] blocks to remain in one piece. I doubt that many people are going to not ] react to a note such as the following: (maybe a little less technical) ] [bureaucratia deleted] Running to the registries to save us is silly, silly, silly, and dumb. So many folx seem to coalesce all arguments into bureacratic governmental intervention. Several obvfacts: + We're not regulated. + The NSPs talk to each other because they want to. + People that want global connectivity choose their own NSP. + Our (at least USA's) "Internet" is capitalist. Accepting these assumptions leads to a simple conclusion: The NSPs have the power. When MCI, SL, UU, PSI, Digex, GI start enforcing a hierarchal CIDR announcement policy that *has no grandfather clause*, we will learn that our Internet model pushes away the next hurdle. The next hurdle of course calls for new technology. I'm reminded of Einstein's quote paraphrased, problems of today cannot be solved with today's thinking. Don't waste your time diddling amongst each other on this mail list about how the registries ought to be more forceful, or how the feel-good net.citizens ought 'do their part' and be communist^H^H^H^H^H^H^H^H^H^H^H^H 'sacrifice for the good of the whole'. Tell your upstream that outages based on routing table issues are not acceptable. If they don't get their act together, please pull out your service contract... You'll find a clause in your contract for 'unacceptable service'. Exercise it. We've got one in each of our contracts, as do our downstreams. We're this close to exercising one of these options on our upstream, and it's rather ironic that they've voices who most agree w/ me, although they blame all their problems on the other bad people who don't aggregate. More /19 business, Sean, only go deeper. Make the lazy hurt. Most people on the net right now are just dazed sheep. Put the fences up and herd them towards dynamic numbering and proactive planning, but don't look to the governmental agencies. They've given us Velcro and internetworking, let's leave good enough alone. -alan
When MCI, SL, UU, PSI, Digex, GI start enforcing a hierarchal CIDR announcement policy that *has no grandfather clause*, we will learn that our Internet model pushes away the next hurdle.
Nope, the only thing we'll all (re)learn is how many lawyers there are in the world. henry
participants (5)
-
Alan Hannan
-
Forrest W. Christian
-
Henry Clark
-
Tony Li
-
Vadim Antonov