If there is a way to achieve the same goal without having impact on the live network at this stage, why do that way? Eric-jan's approach accomplishes that. By the way, Peter has a nice summary of the approach. A live network is something which is very hard to simulate, as anyone who has worked on new software or procedures for an operational network will probably tell you. I don't understand your objection - we have people who are willing, able, and ready to cut some of their operational traffic over to using CIDR addressing. This is with the full knowledge that there might be problems. Why not let them do it? We will, of course, keep configurations in place to allow them and us to back out dependencies on CIDR on a moment's notice, in case things don't work and we can't fix the CIDR infrastructure in a timely manner. Like the commercial says: "Just Do It". --Vince
Of course! Just a question? How can Jessica (or anyone at Merit/ANS Sprint, Ebone or anyone else reselling) -prevent- the customer from doing aggregation once (M/A, Sprint, Alternet, Ebone) are cidr capable? -- Regards, Bill Manning
Of course! Just a question? How can Jessica (or anyone at Merit/ANS Sprint, Ebone or anyone else reselling) -prevent- the customer from doing aggregation once (M/A, Sprint, Alternet, Ebone) are cidr capable?
-- Regards, Bill Manning
Same way we prevent the customer from not advertising 140.222 or net 35 or [pick your favorite network number that would cause a denial of service or make snooping slightly easier]. Don't believe them. Some people are not as careful. :-) Curtis
Of course! Just a question? How can Jessica (or anyone at Merit/ANS Sprint, Ebone or anyone else reselling) -prevent- the customer from doing aggregation once (M/A, Sprint, Alternet, Ebone) are cidr capable?
Don't believe them.
Perhaps I was not clear. If I (NSP to the world) claim to be cidr capable and willing to accept & transit cidr routes, what basis do I have to restrict my clients from sending me aggregated routes? If I follow the advice given above, (from a number of folks), then I am capricious in acceptance of stated policy. Merit/ANS should accept my NACR for route addition/removal as long as it affects nets that are verifiably mine. Sprint, Alternet, and Ebone are in the same boat (I think). Can any of us arbitrarily deny our clients? I think not. If I choose to have Merit/ANS remove more specific routes, I think they are obligated to do so. Is this true? That way, -I- am responsible, not my provider. -- Regards, Bill Manning
Can any of us arbitrarily deny our clients? I think not. If I choose to have Merit/ANS remove more specific routes, I think they are obligated to do so. Is this true? That way, -I- am responsible, not my provider.
We only propagate exact matches to the NACRs. If you ask for a more specific route to be removed, it's gone from ANS. We will still believe more specific routes (than what is listed in the NACR) from you to get the next hop right but we won't export the more specific routes into our IBGP (unless another NACR matches it exactly). Did I understand the question right? Curtis
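The acceptance rule described in the message above, as an added example that is not part of the thread and not ANS's code: a registered entry is modelled as a (prefix, customer AS) pair, and the registry contents, AS numbers and function names are assumptions made for illustration. Dropping everything that is neither an exact match nor a more specific of the peer's own entry is also an assumption of this sketch.

```python
import ipaddress

# Constructed stand-in for NACR entries: registered prefix -> customer AS.
# Prefixes and AS numbers are sample values, not taken from the thread.
NACR = {
    ipaddress.ip_network("198.18.0.0/16"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64501,
}

def classify(prefix, peer_as, registry=NACR):
    """Return 'export', 'local-only' or 'reject' for one announcement."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return "reject"  # malformed prefix or host bits set
    # Exact match to an entry registered to this peer: propagate it.
    if registry.get(net) == peer_as:
        return "export"
    # More specific than an entry registered to this same peer: believe it
    # to get the next hop right, but keep it out of IBGP.
    for reg_net, reg_as in registry.items():
        if (reg_as == peer_as and net.version == reg_net.version
                and net != reg_net and net.subnet_of(reg_net)):
            return "local-only"
    # Unregistered aggregates and other customers' space end up here.
    return "reject"

def exported(announcements, registry=NACR):
    """Prefixes that would be exported into IBGP, in input order."""
    return [p for p, asn in announcements
            if classify(p, asn, registry) == "export"]

# Constructed announcements: (prefix, AS of the peer that sent it).
SAMPLE = [
    ("198.18.0.0/16", 64500),    # exact match
    ("198.18.32.0/20", 64500),   # more specific from the registered AS
    ("198.18.32.0/20", 64501),   # more specific of someone else's block
    ("198.18.0.0/15", 64500),    # aggregate with no matching entry
    ("198.51.100.0/24", 64501),  # exact match
]

if __name__ == "__main__":
    for p, asn in SAMPLE:
        print(f"{p:18} AS{asn}: {classify(p, asn)}")
```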
From: Vince Fuller <vaf@Valinor.Stanford.EDU> Subject: Re: CIDR deployment A live network is something which is very hard to simulate, as anyone who has worked on new software or procedures for an operational network will probably tell you. Agree. But in this case, the objective is to detect CIDR blackholes. Using Harvard's systematic connectivity test approach with a test net could accomplish the same as with a live network. Why use live networks? I don't understand your objection - we have people who are willing, able, and ready to cut some of their operational traffic over to using CIDR addressing. This is with the full knowledge that there might be problems. Why not let them do it? We will, of course, keep configurations in place to allow them and us to back out dependencies on CIDR on a moment's notice, in case things don't work and we can't fix the CIDR infrastructure in a timely manner. I just think there is a safer way to accomplish the same at this stage, see above. When most of the CIDR unreachable ASs on Harvard's list (not 'Schindler's List' :-)) disappear, there will be much less unreachables from/to live network and that is the time. I think what prevents us from moving forward is the CIDR holes (ASs neither CIDRing nor defaulting). We need to continue detecting the holes and fill these holes one way or the other. --Jessica
With the exception of the CIX (which should be fixed either later this week or early next week), I see no reason why people can't do CIDR routing for their production nets. It's possible to insist on doing lots of testing & being paranoid about it, but time is running out. I have already seen two 16 Meg routers run out of memory. I care not to see more. --asp@uunet.uu.net (Andrew Partan)
Let me make this clear: I do not favor doing just test and test and I do not think I have been advocating that. In fact, I have been working with ASs to BGP4 with NSFNET and advertise aggregates to it. I like the approach of using a test component or a test CIDR route to detect the existence of CIDR holes (note just for the probing) to help work towards the withdrawal of more specific operational routes.
a. I think people should move from BGP3 to BGP4 as soon as possible. Currently, there are 20 ASs with ~45 peers which are actively BGP4 with NSF/ANSNet.
b. I think those that already run BGP4 should advertise aggregates to get ready to withdraw more specific routes.
c. I think those ASs that still do neither CIDR nor default should get their act together so as not to be CIDR holes, which prevent others from withdrawing more specific routes.
d. I think it is very important now to detect CIDR holes and do whatever possible to fill them so specific routes could be replaced by CIDR routes and thus reduce the size of routing tables.
It is great to hear that CIX will CIDR today or early next week. That will certainly move us forward. Also, since Harvard has already been detecting such holes for us, ASs which have little or no connectivity needs to those ASs on Harvard's list could in fact start to withdraw more specific routes. --Jessica
Participants (5): asp@uunet.uu.net, bmanning@is.rice.edu, Curtis Villamizar, Jessica Yu, Vince Fuller