Re: How polluted is 1/8?
Having this data is useful, but I can't help to think it would be more useful if it were compared with 27/8, or other networks. Is this slightly worse, or significantly worse than other networks?
I have only anecdotal information regarding 45/8. 45/8 is assigned to Interop, and as such it is brought up-and-down as Interop's shows move in and out of convention centers. Starting at least 5 years ago, it has proved impractical to start announcing 45/8, since this causes immediate and massive amounts of traffic to flow into the show network. The last time that I know that the full 45/8 was announced, traffic settled down to about a full T3's worth of bandwidth before the network engineers started announcing smaller /16 chunks as actually needed. Even /16 has proved impractical while the network is being built-out, before the show, because the build-out site typically has T1-ish bandwidth---again, saturated with a /16 being announced. This information is very different from the RIPE Labs experiment which I think showed that certain "obvious" addresses (1.1.1.1 seemed to be the kicker in my short reading of their report) were being mis-used heavily. But I suspect that 27/8 would have similar issues to 45/8. However, it is not clear to me that this is different from any other /8. In other words, for those that have a /8, they probably DO have to put up with a T3-worth of garbage flowing their way before they move the first useful packet. However, you don't get a /8 unless a T3 is small potatoes to you, hence... jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 jms@Opus1.COM http://www.opus1.com/jms
On Wed, 3 Feb 2010, Joel M Snyder wrote:
This information is very different from the RIPE Labs experiment which I think showed that certain "obvious" addresses (1.1.1.1 seemed to be the kicker in my short reading of their report) were being mis-used heavily. But I suspect that 27/8 would have similar issues to 45/8.
I would hope that the APNIC would opt not to assign networks that would contain 1.1.1.1 or 1.2.3.4 to customers for exactly that reason. The signal-to-noise ratio for those addresses is likely pretty high. The noise is likely contained on many internal networks for now because a corresponding route doesn't show up in the global routing table at the moment. Once that changes.... I could see holding those prefixes aside for research purposes (spam traps, honey pots, etc...). jms
On 2/3/2010 2:19 PM, Justin M. Streiner wrote:
I could see holding those prefixes aside for research purposes (spam traps, honey pots, etc...).
I think it is too bad that we didn't have the forethought to route all of those networks to 100-watt resistors some years ago. When I last was admin of a small-corner of the world I routed a lot of that kind of traffic (I don't remember it 1/? was part of that or not) to the null interface. -- "Government big enough to supply everything you need is big enough to take everything you have." Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
On Wed, 3 Feb 2010, Larry Sheldon wrote:
On 2/3/2010 2:19 PM, Justin M. Streiner wrote:
I could see holding those prefixes aside for research purposes (spam traps, honey pots, etc...).
I think it is too bad that we didn't have the forethought to route all of those networks to 100-watt resistors some years ago.
When I last was admin of a small-corner of the world I routed a lot of that kind of traffic (I don't remember it 1/? was part of that or not) to the null interface.
If some unfortunate soul does get 1.1.1.1, 1.2.3.4, 1.3.3.7, etc, they would also likely experience significant global reachability problems in addition to all of the unintended noise that gets sent their way. There are many sites that specifically filter those addresses, in addition to those that don't update bogon filters, or assume "no one will _ever_ get 1.2.3.4!" :) jms
If some unfortunate soul does get 1.1.1.1, 1.2.3.4, 1.3.3.7, etc, they would also likely experience significant global reachability problems in addition to all of the unintended noise that gets sent their way.
There are many sites that specifically filter those addresses, in addition to those that don't update bogon filters, or assume "no one will _ever_ get 1.2.3.4!" :)
They would make great DNS server IPs for someone who wanted to host them. :) Deepak
On 4/02/2010, at 9:19 AM, Justin M. Streiner wrote:
I would hope that the APNIC would opt not to assign networks that would contain 1.1.1.1 or 1.2.3.4 to customers for exactly that reason. The signal-to-noise ratio for those addresses is likely pretty high. The noise is likely contained on many internal networks for now because a corresponding route doesn't show up in the global routing table at the moment. Once that changes....
1.1.1/24 and 1.2.3/24 are assigned to APNIC. Unless they release them, the general public will not get addresses in these. -- Nathan Ward
On Thu, 4 Feb 2010, Nathan Ward wrote:
On 4/02/2010, at 9:19 AM, Justin M. Streiner wrote:
I would hope that the APNIC would opt not to assign networks that would contain 1.1.1.1 or 1.2.3.4 to customers for exactly that reason. The signal-to-noise ratio for those addresses is likely pretty high. The noise is likely contained on many internal networks for now because a corresponding route doesn't show up in the global routing table at the moment. Once that changes....
1.1.1/24 and 1.2.3/24 are assigned to APNIC. Unless they release them, the general public will not get addresses in these.
Yes, I did see that. What I noticed yesterday was that there were no prefixes that cover 1.1.1.1 or 1.2.3.4 being announced globally at that point. jms
On Feb 3, 2010, at 3:10 PM, Joel M Snyder wrote:
Having this data is useful, but I can't help to think it would be more useful if it were compared with 27/8, or other networks. Is this slightly worse, or significantly worse than other networks?
I have only anecdotal information regarding 45/8.
45/8 is assigned to Interop, and as such it is brought up-and-down as Interop's shows move in and out of convention centers. Starting at least 5 years ago, it has proved impractical to start announcing 45/8, since this causes immediate and massive amounts of traffic to flow into the show network.
The last time that I know that the full 45/8 was announced, traffic settled down to about a full T3's worth of bandwidth before the network engineers started announcing smaller /16 chunks as actually needed. Even /16 has proved impractical while the network is being built-out, before the show, because the build-out site typically has T1-ish bandwidth---again, saturated with a /16 being announced.
Just because I find it amusing timing... today I sat in a vendor presentation where he connected to his company's demo site and I smiled as I saw IP addresses in 45/8 (as well as 10/8 and others).
participants (6)
-
Deepak Jain
-
Joel M Snyder
-
John Payne
-
Justin M. Streiner
-
Larry Sheldon
-
Nathan Ward