On 20 May 2000, Sean Donelan wrote:
On Sat, 20 May 2000, Patrick Evans wrote:
And then watch certain tier-Ns filter out your routes?
As far as I know, every provider has relented and will accept announcements on ARIN/RIPE/APNIC allocation boundaries. Even the original Sprint access-list 112 was modified to match the allocations.
The problem was people wanted to announce smaller blocks than the allocation, e.g. /24's out of traditional class B/16 space.
Could I ask a question related to this topic? I have been getting varying answers and presume the accurate answer will come from this list.

My company has a /20 out of the traditional Class C space. We want to use those addresses rather than the addresses our ISP would give us. We have asked the ISP if they can announce a /24 out of that block, and they have said "sure". However, I have read here about announcement filtering. Will certain providers filter that /24?

We have two reasons for using our own space. First, we can get redundancy by connecting with two ISPs and having them both announce the network (or have one announce if the other dies). Second, we can carve up our /20 in /24s and use them for different Internet POPs for our company (e.g. one in the states, one in Europe, one in the Pacific Rim, etc.).

I am primarily a security person, but unfortunately our LAN and WAN people know less about this than I, so I am trying to decide what we should do. Any help or information about the logical design I mentioned would be greatly appreciated.

Matt

--
Matthew S. Cramer <mscramer@armstrong.com>        Office: 717-396-5032
Lead Security Analyst                             Fax: 717-396-5590
Armstrong Information Technology Services         Pager: 888-769-9367
Armstrong World Industries, Inc.                  Cell: 717-951-0141
Matt Cramer wrote:
My company has a /20 out of the traditional Class C space. We want to use those addresses rather than the addresses our ISP would give us. We have asked the ISP if they can announce a /24 out of that block, and they have said "sure". However, I have read here about announcement filtering.
Will certain providers filter that /24? We have two reasons for using our own space. First, we can get redundancy by connecting with two ISPs and having them both announce the network (or have one announce if the other dies).
Multi-homing redundancy is a good thing, assuming that you have undertaken multiple service entrances to your facilities, and prevented your circuits from being "groomed" into the same cable elsewhere. Several such concerns have been described recently on this list. Otherwise, your multi-homing makes no sense. Experience has shown that failures are more likely to occur in your local facilities than in the provider(s).
Second, we can carve up our /20 in /24s and use them for different Internet POPs for our company (e.g. one in the states, one in Europe, one in the Pacific Rim, etc.).
A /20 that is split up into /24s should be filtered! REMEMBER: IP addresses are related to network TOPOLOGY, not your company administration. Dividing a set of "related" addresses into unrelated topology (split by oceans) increases the routing costs of everyone else.
I am primarily a security person but unfortunately our LAN and WAN people know less about this than I so I am trying to decide what we should do. Any help or information about the logical design I mentioned would be greatly appreciated.
What you should do is this: look up the adjacent /20 and offer to give them the addresses. They might make better use of them.

(I cannot tell which /20 you might be talking about, as you don't seem to use them for your DNS, using ATT, PSI, and others instead.)

BTW: I see that your company is a major DNS polluter, registering many business terms in .com .net and .org, and pirating the ArmstrongSucks .com .net .org. No actual servers seem to be present.... Are there really international .net operators that hate Armstrong? And your company funds and hosts the discussion?
Also sprach William Allen Simpson
Matt Cramer wrote:
My company has a /20 out of the traditional Class C space. We want to use those addresses rather than the addresses our ISP would give us. We have asked the ISP if they can announce a /24 out of that block, and they have said "sure". However, I have read here about announcement filtering.
Will certain providers filter that /24? We have two reasons for using our own space. First, we can get redundancy by connecting with two ISPs and having them both announce the network (or have one announce if the other dies).
Multi-homing redundancy is a good thing, assuming that you have undertaken multiple service entrances to your facilities, and prevented your circuits from being "groomed" into the same cable elsewhere. Several such concerns have been described recently on this list.
Otherwise, your multi-homing makes no sense.
To the contrary. It doesn't make "no" sense...though it may make your multi-homing less effective than you hoped for.
Experience has shown that failures are more likely to occur in your local facilities than in the provider(s).
Maybe your experience...certainly not mine. The vast majority of downtime for IgLou is a result of upstream providers of some sort (LEC, IXC, ISP; usually ISP). Let's put a YMMV on this, shall we?
Second, we can carve up our /20 in /24s and use them for different Internet POPs for our company (e.g. one in the states, one in Europe, one in the Pacific Rim, etc.).
A /20 that is split up into /24s should be filtered!
Yet another overbroad statement.
REMEMBER: IP addresses are related to network TOPOLOGY, not your company administration. Dividing a set of "related" addresses into unrelated topology (split by oceans) increases the routing costs of everyone else.
Right, if their network topology (divided by oceans) connects to the Internet in multiple places, there will be multiple places announcing routes. Is it more efficient for all involved if they carve a /20 into smaller blocks, which at least have some chance of being aggregated at some point, or to use totally separated blocks that have no chance of ever getting aggregated?

--
Jeff McAdams                            Email: jeffm@iglou.com
Head Network Administrator              Voice: (502) 966-3848
IgLou Internet Services                        (800) 436-4456
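An added example, not part of the original thread: a small model of the two points argued above, namely how many routes a carved-up /20 puts into everyone else's tables, and which of them survive a filter set at the allocation boundary. The prefix 198.18.16.0/20 (from the benchmarking range), the POP names and the `MAX_LEN` policy are constructed assumptions, not any provider's actual filter.

```python
import ipaddress

# Constructed stand-in for the poster's unnamed /20 (benchmarking range).
ALLOCATION = ipaddress.ip_network("198.18.16.0/20")
# Hypothetical filter policy: longest prefix a remote provider accepts
# inside each registry block. Not any real provider's access list.
MAX_LEN = {ipaddress.ip_network("198.18.0.0/15"): 20}

def passes_filter(prefix):
    """True if a provider applying MAX_LEN would keep this route."""
    for block, limit in MAX_LEN.items():
        if prefix.subnet_of(block):
            return prefix.prefixlen <= limit
    return False  # outside every listed block: dropped in this model

def announcements(pop_blocks):
    """Per POP, collapse its /24s into the fewest covering prefixes."""
    return {pop: list(ipaddress.collapse_addresses(nets))
            for pop, nets in pop_blocks.items()}

def summarize(pop_blocks):
    """Return (routes announced, routes that survive the filter)."""
    routes = [r for rs in announcements(pop_blocks).values() for r in rs]
    return len(routes), sum(passes_filter(r) for r in routes)

S24 = list(ALLOCATION.subnets(new_prefix=24))  # the sixteen /24s

# Carved along topology: each POP holds one contiguous, aligned run.
CONTIGUOUS = {"us": S24[0:8], "europe": S24[8:12], "pacific": S24[12:16]}
# Handed out with no regard to topology: nothing within a POP is adjacent.
SCATTERED = {"us": S24[0::3], "europe": S24[1::3], "pacific": S24[2::3]}
# One site announcing the allocation as registered.
WHOLE = {"single-site": [ALLOCATION]}

if __name__ == "__main__":
    for name, plan in (("contiguous", CONTIGUOUS), ("scattered", SCATTERED),
                       ("whole /20", WHOLE)):
        announced, kept = summarize(plan)
        print(f"{name:11} announced={announced:2} kept={kept}")
        for pop, routes in announcements(plan).items():
            print("   ", pop, ", ".join(map(str, routes)))
```

Under this model the contiguous plan costs three routes and the scattered plan sixteen, but every one of them is more specific than the /20 and is dropped by a strict allocation-boundary filter; only the covering /20 passes.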