Verio Decides what parts of the internet to drop
IMHOTS Apparently for their convenience Verio has decided what parts of the Internet I can get to. With no notification. This was (eventually) posted to the BSDI mailing list when some of us were cut from access to the site we need to maintain our OS. For this I pay them.
Doug Denault
--------------
"John A." wrote:
Here's a little more light on the subject. This is a message we received from Verio explaining why anybody that goes through their network can't get to bsdi. Because of this message, we are considering moving to a different backbone.
John A. Provide.Net Ypsilanti, MI
Date: Wed, 1 Dec 1999 01:15:07 +0000
From: Wade Moeller <wmoeller@noc.verio.net>
To: smike@provide.net
Cc: Case Updates <updates@vanwebserv.verio.net>
Subject: [v-666704] Routing to BSDI.com
X-Mailer: Mutt 0.95.1i
X-Disclaimer: My opinions are mine, and not those of anyone else.
Hello there. I am writing in regards to case #666704. You have opened this ticket complaining that you cannot reach bsdi.com. I am going to explain to you exactly what is happening and who needs to fix this.
What is happening: Cray Computer Corp. split up their Class B into two /17 networks and gave routing control over those IPs to 2 different ISPs. Below are the routes being announced and the IP delegation from ARIN.
First half of the Class B:
BGP routing table entry for 134.195.0.0/17, version 15625171
Paths: (7 available, best #3)
  Advertised to peer-groups:
    internal pop rr-pop
  1 3404
    165.117.56.98 (metric 33) from 165.117.1.145 (165.117.1.145)
      Origin incomplete, metric 4294967294, localpref 100, valid, internal
      Community: 1:1000 2548:183 2548:666 3706:153
Second half of the Class B:
BGP routing table entry for 134.195.128.0/17, version 15624883
Paths: (19 available, best #13)
  Advertised to peer-groups:
    internal pop rr-pop
  1 10487
    165.117.56.98 (metric 33) from 165.117.1.145 (165.117.1.145)
      Origin IGP, metric 4294967294, localpref 100, valid, internal
      Community: 1:1000 2548:183 2548:666 3706:153
Arin Delegation:
Cray Computer Corporation (NET-CRAYCOS)
P.O. Box 17500
Colorado Springs, CO 80935
Netname: CRAYCOS
Netnumber: 134.195.0.0
Verio has a BGP policy where we limit what announcements we will listen to when they are advertised to us. This is to keep the size of the routing table in check. The policy is as follows:
0.0.0.0-127.255.255.255 Verio will listen to no announcements less than a /20
128.0.0.0-191.255.255.255 Verio will listen to no announcement less than a /16
192.0.0.0-223.255.255.255 Verio will listen to no announcement less than a /24.
We have modeled this after the allocation boundaries in use by ARIN, IE ARIN will not give out a /17 in the 128.0.0.0-191.255.255.255 IP space.
Therefore we are ignoring the two /17 announcements since we will only accept them as a single /16 announcement.
This is the current Verio policy and this is the future Verio policy. There has been much discussion of this policy and it is still in place so it will not be changing in the foreseeable future.
Who needs to fix this: As you can see the routes for each net-block are going through BBNPlanet (AS1) and then onto Colorado Internet Cooperative Association (AS3404) and Simple Network Communications, Inc. (AS10487). Those last two companies need to consolidate their announcements so that they are able to announce the entire /16. Alternatively they may ask BBNPlanet to aggregate the /17s into one /16 which we will listen to. These are the only 2 actions that will let Verio's routers see those networks and route to them.
If you have any further questions please do not hesitate to ask.
-- Wade Moeller Network Tech I wmoeller@noc.verio.net (800)551-1630 Here an OS, there an OS....I need more computers.
-- Douglas Denault support@safeport.com Voice: 301-469-8766 Fax: 301-469-0601
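The filter policy quoted in the Verio message above, applied to the prefixes named in it, as an added example that is not part of any post in this thread. The function names are hypothetical, "less than a /N" is read as "prefix length longer than N", space above 223.255.255.255 is assumed to be not accepted because the message does not cover it, and the 10.0.0.0, 192.0.2.0 and 129.0.0.0/8 inputs are constructed samples rather than a reconstruction of any incident mentioned later in the thread.

```python
import ipaddress

# (first address, last address, longest prefix length accepted),
# transcribed from the policy table in the Verio message.
VERIO_POLICY = [
    ("0.0.0.0", "127.255.255.255", 20),
    ("128.0.0.0", "191.255.255.255", 16),
    ("192.0.0.0", "223.255.255.255", 24),
]


def max_accepted_length(network):
    """Return the longest prefix length the policy accepts for this network,
    or None when the network lies outside the three ranges (assumption:
    such announcements are not accepted)."""
    start = int(network.network_address)
    for first, last, maxlen in VERIO_POLICY:
        low = int(ipaddress.IPv4Address(first))
        high = int(ipaddress.IPv4Address(last))
        if low <= start <= high:
            return maxlen
    return None


def accepts(prefix):
    """True if an announcement of `prefix` passes the allocation-boundary filter."""
    net = ipaddress.ip_network(prefix, strict=True)
    limit = max_accepted_length(net)
    return limit is not None and net.prefixlen <= limit


def aggregate(prefixes):
    """Collapse adjacent prefixes into the shortest covering set, which is
    the fix the Verio message asks the two origin ASes (or their upstream) to make."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def count_accepted_more_specifics(block, new_prefixlen):
    """Deaggregate `block` into subnets of `new_prefixlen` and count how many
    the filter would accept. Returns (accepted, total)."""
    accepted = total = 0
    for net in ipaddress.ip_network(block, strict=True).subnets(new_prefix=new_prefixlen):
        total += 1
        accepted += accepts(str(net))
    return accepted, total


if __name__ == "__main__":
    halves = ["134.195.0.0/17", "134.195.128.0/17"]  # from the BGP output in the message
    for p in halves + aggregate(halves):
        print(f"{p:20} {'accepted' if accepts(p) else 'filtered'}")
    # Constructed samples for the other two ranges.
    for p in ["10.0.0.0/20", "10.0.0.0/21", "192.0.2.0/24", "192.0.2.0/25"]:
        print(f"{p:20} {'accepted' if accepts(p) else 'filtered'}")
    # Constructed deaggregation: none of the /24s of a block in the
    # 128-191 range gets through, so a leak of them cannot fill the table.
    print(count_accepted_more_specifics("129.0.0.0/8", 24))
```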
Apparently for their convenience Verio has decided what parts of the Internet I can get to.
verio does not accept from peers announcements of prefixes in classic b space longer than the allocations of the regional registries. we believe our customers and the internet as a whole will be less inconvenienced by our not listening to sub-allocation prefixes than to have major portions of the network down as has happened in the past. some here may remember the 129/8 disaster which took significant portions of the net down for up to two days. the routing databases are not great, and many routers can not handle ACLs big enough to allow a large to irr filter large peers. and some large peers do not register routes. so we and others filter at allocation boundaries and have for a long time. we assure you we do not do it without serious consideration or to torture nanog readers.
With no notification.
verio's policy has been constant and public. randy
Normally I agree with Randy (cough) but: On Thu, 2 Dec 1999, Randy Bush wrote:
Apparently for their convenience Verio has decided what parts of the Internet I can get to.
verio does not accept from peers announcements of prefixes in classic b space longer than the allocations of the regional registries.
Simply put, that's dumb. I can't imagine a technical reason for this (CPU and/or memory), so it must be political.
we believe our customers and the internet as a whole will be less inconvenienced by our not listening to sub-allocation prefixes than to have major portions of the network down as has happened in the past. some here may remember the 129/8 disaster which took significant portions of the net down for up to two days.
I believe that if I have a customer who is multihomed between me and another provider, his punch-throughs to the non-address-space-providing provider should be heard. It's called 'global routability.'
the routing databases are not great, and many routers can not handle ACLs big enough to allow a large to irr filter large peers. and some large peers do not register routes.
There are ways to get around this (as-path filtering, maximum-paths, etc) that aren't as nazi as one would hope, but will prevent stupidity and provide sanity checking.
so we and others filter at allocation boundaries and have for a long time. we assure you we do not do it without serious consideration or to torture nanog readers.
Heh.
With no notification.
verio's policy has been constant and public.
But unfortunate. Will they announce a customer-announced /24?
On Thu, Dec 02, 1999 at 06:02:53PM -0500, Alex Rubenstein wrote:
On Thu, 2 Dec 1999, Randy Bush wrote:
Apparently for their convenience Verio has decided what parts of the Internet I can get to.
verio does not accept from peers announcements of prefixes in classic b space longer than the allocations of the regional registries.
Simply put, that's dumb. I can't imagine a technical reason for this (CPU and/or memory), so it must be political.
Your pager didn't go off when the routing table had 100k prefixes in it, I take it. This is a Good Thing(tm).
we believe our customers and the internet as a whole will be less inconvenienced by our not listening to sub-allocation prefixes than to have major portions of the network down as has happened in the past. some here may remember the 129/8 disaster which took significant portions of the net down for up to two days.
I believe that if I have a customer who is multihomed between me and another provider, his punch-throughs to the non-address-space-providing provider should be heard. It's called 'global routability.'
The people who "purchased" this space, didn't realize that such routing policies exist, and it is not the problem of someone trying to reach them, it's the problem of the person who is using address space that was not originally assigned to them.
the routing databases are not great, and many routers can not handle ACLs big enough to allow a large to irr filter large peers. and some large peers do not register routes.
There are ways to get around this (as-path filtering, maximum-paths, etc) that aren't as nazi as one would hope, but will prevent stupidity and provide sanity checking.
Maximum paths deals primarily with ibgp
as-path filtering? How will this help?
Oh yeah, I'll as-path filter my peers, and then have even more reachability issues.
so we and others filter at allocation boundaries and have for a long time. we assure you we do not do it without serious consideration or to torture nanog readers.
Heh.
With no notification.
verio's policy has been constant and public.
But unfortunate. Will they announce a customer-announced /24?
Yes. They can't guarantee that peers will listen to it though.
-- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. END OF LINE |
On Thu, 2 Dec 1999, Jared Mauch wrote:
Your pager didn't go off when the routing table had 100k prefixes in it, I take it.
This is a Good Thing(tm).
Au contriar, monfrair (sp?). I was among the first to call Vinnie.
I believe that if I have a customer who is multihomed between me and another provider, his punch-throughs to the non-address-space-providing provider should be heard. It's called 'global routability.'
The people who "purchased" this space, didn't realize that such routing policies exist, and it is not the problem of someone trying to reach them, it's the problem of the person who is using address space that was not originally assigned to them.
You misinterpreted. Multihomed customer gets a /24 of my announced /16. He's announcing that /24 to his other provider; since it is more specific the other provider will always win (BGP 101). So, for it to work, I need to allow a punch through of a /24 to my peers. And for it to _really_ work, people would have to listen to the /24 from both us and the other provider to our multihomed customer.
There are ways to get around this (as-path filtering, maximum-paths, etc) that aren't as nazi as one would hope, but will prevent stupidity and provide sanity checking.
Maximum paths deals primarily with ibgp
Well, that's patently wrong. I don't know how else to respond to this.
as-path filtering? How will this help?
It will prevent redistribution of a person who announces * to you. It won't fix everything (including the 7007 debacle, but that's a whole another story), but it will fix most fsck-ups.
Oh yeah, I'll as-path filter my peers, and then have even more reachability issues.
Tell Sprint, Agis, and others. Unless they changed since my last dealing with them.
But unfortunate. Will they announce a customer-announced /24?
Yes.
They can't guarantee that peers will listen to it though.
Well, it's a start.
Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. END OF LINE |
For the record BSDI has renumbered the critical parts of their network. -- Douglas Denault doug@safeport.com
jared:
Your pager didn't go off when the routing table had 100k prefixes in it, I take it.
i read about the incident on this mailing list. and, more importantly, our customers did not feel it except as inability to get to the networks which implemented routing policy via pager.
alex rubenstein:
I believe that if I have a customer who is multihomed between me and another provider, his punch-throughs to the non-address-space-providing provider should be heard. It's called 'global routability.'
it is not ours to say what should be heard, i.e. what our peers accept. it is ours to say what we announce. and indeed for verio customers we are willing to announce long prefixes from other providers' spaces. heck, for multi-homed customers, we are willing to announce longer prefixes which punch holes in our own larger space, allowing them to more easily play load balancing games.
randy:
the routing databases are not great, and many routers can not handle ACLs big enough to allow a large isp to irr-filter large peers. and some large peers do not register routes.
alex rubenstein:
There are ways to get around this (as-path filtering, maximum-paths, etc) that aren't as nazi as one would hope, but will prevent stupidity and provide sanity checking.
many things which might work for a small 42nd tier isp do not scale to a tier one provider. and i share jared's scepticism that these hacks work for even the teenies, i.e. the 129/8 disaster was from a direct peer.
randy:
verio's policy has been constant and public.
alex rubenstein:
But unfortunate. Will they announce a customer-announced /24?
jared:
Yes. They can't guarantee that peers will listen to it though.
bingo. and not to announce a customer route would preempt our peers' ingress route filtering policy choices.
randy
Alex Rubenstein Sent: Thursday, December 02, 1999 3:03 PM
Normally I agree with Randy (cough) but:
On Thu, 2 Dec 1999, Randy Bush wrote:
Apparently for their convenience Verio has decided what parts of the Internet I can get to.
verio does not accept from peers announcements of prefixes in classic b space longer than the allocations of the regional registries.
Simply put, that's dumb. I can't imagine a technical reason for this (CPU and/or memory), so it must be political.
Nah, it's tradition.
we believe our customers and the internet as a whole will be less inconvenienced by our not listening to sub-allocation prefixes than to have major portions of the network down as has happened in the past. some here may remember the 129/8 disaster which took significant portions of the net down for up to two days.
I believe that if I have a customer who is multihomed between me and another provider, his punch-throughs to the non-address-space-providing provider should be heard. It's called 'global routability.'
I actually have this situation right now. MHSC Colorado offices are in Colorado Springs, USWorst territory. Our CA offices are in the East SF Bay Area (down the street from LLNL). Our own IP block is a /24, from our upstream provider. Technically, we are multi-homed and have an ASN. However, no one listens to it. This is not slam against Verio, since Sprint doesn't listen to it either. They are only two of many that have such policies (as we found out later). What we wound up doing is establish a SSH VPN between our offices and the CO office uses our CA assigned IP numbers as NAT'd IP behind a USWorst IP, using a USWorst connection. Outbound packets, to the general Internet, go directly via the USWorst IP, but return packets come in over the VPN from CA. Yeah, it sux. It's a PITA and not the cleanest of methods, but until all the backbones quit filtering /24s it's what we have to do. The other alternative (and we've considered it) is to obtain a much larger space directly from ARIN and burn the unused space. Then we could remove the last bit of static routing and use BGP4 as we should.
It's a PITA and not the cleanest of methods, but until all the backbones quit filtering /24s it's what we have to do. The other alternative (and we've considered it) is to obtain a much larger space directly from ARIN and burn the unused space. Then we could remove the last bit of static routing and use BGP4 as we should.
Wouldn't it be nice if backbones got around to simply charging for announcements and quit this arbitrary filtering?
Tony
Yeay, verily. We would be happy to pay fees within reason. The SSH VPN takes a lot of maintenance and handing it over to a SysAdmin has been troublesome since it is a very non-standard means of doing this. Open-source SSH VPNs are a great hack, but [lack of] maintainability is the downfall of ALL hacks.
-----Original Message----- From: Tony Li [mailto:tony1@home.net] Sent: Friday, December 03, 1999 12:04 AM To: rmeyer@mhsc.com Cc: 'Alex Rubenstein'; 'Randy Bush'; doug@safeport.com; nanog@merit.edu Subject: Re: Verio Decides what parts of the internet to drop
It's a PITA and not the cleanest of methods, but until all the backbones quit filtering /24s it's what we have to do. The other alternative (and we've considered it) is to obtain a much larger space directly from ARIN and burn the unused space. Then we could remove the last bit of static routing and use BGP4 as we should.
Wouldn't it be nice if backbones got around to simply charging for announcements and quit this arbitrary filtering?
Tony
On Fri, 3 Dec 1999, Roeland M.J. Meyer wrote:
We would be happy to pay fees within reason. The SSH VPN takes a lot of maintenance and handing it over to a SysAdmin has been troublesome since it is a very non-standard means of doing this. Open-source SSH VPNs are a great hack, but [lack of] maintainability is the downfall of ALL hacks.
Why not use CIPE? As for BSDI, is it possible for them to trade their /17 in to ARIN for a more likely routable one? On filtering, if Verio's filter policy is so long standing, is there a reason Sprint is the only NSP with a filter policy listed at http://www.nanog.org/filter.html ? If filter policies like Sprint's and Verio's really are common among the big backbone providers, that would seem to make it relatively pointless to attempt to multi-home with provider supplied IP space. We have a customer interested in multihoming for reliability, but they use so little IP space, even assigning them a /24 would be a stretch. Since the space we let them use is in 209.x.x.x, it seems their route wouldn't get far. So how do they make their internet connection more reliable? Use IP space from each of their providers and play games with DNS and NAT? ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| Spammers will be winnuked or System Administrator | nestea'd...whatever it takes Atlantic Net | to get the job done. _________http://www.lewis.org/~jlewis/pgp for PGP public key__________
As for BSDI, is it possible for them to trade their /17 in to ARIN for a more likely routable one?
NO. Arin can't presume to know what is or is not routable. --bill
On Fri, 3 Dec 1999 bmanning@vacation.karoshi.com wrote:
As for BSDI, is it possible for them to trade their /17 in to ARIN for a more likely routable one?
NO. Arin can't presume to know what is or is not routable.
Assuming route filter policies are based on what the IP registries are giving out, the registries should be able to make at least good guesses as to which allocations will be routable and which will not. Since the registries have no control over backbone BGP filters, they can't guarantee routability. If there's not a good chance of their allocations being routable, then what's the point in allocating space? ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| Spammers will be winnuked or System Administrator | nestea'd...whatever it takes Atlantic Net | to get the job done. _________http://www.lewis.org/~jlewis/pgp for PGP public key__________
As for BSDI, is it possible for them to trade their /17 in to ARIN for a more likely routable one?
NO. Arin can't presume to know what is or is not routable.
registries have no control over backbone BGP filters, they can't guarantee routability. If there's not a good chance of their allocations being routable, then what's the point in allocating space?
Let's back up a tad and approach from another direction. Routable by whom? One of the important (and some would say the most important) things a registry can do is keep accurate information on delegations. If a user of space does not care that its packets are visible via Sprint (to pick on an ISP at random), then why should a registry care, as long as the user of IP space is happy. The registry should be willing and able to make such a delegation and registry clients ought to be able to ensure that the registry has accurate data about them and their delegation. IMHO, registries must be blind to ISP routing policy.
--bill
If filter policies like Sprint's and Verio's really are common among the big backbone providers, that would seem to make it relatively pointless to attempt to multi-home with provider supplied IP space. We have a customer interested in multihoming for reliability, but they use so little IP space, even assigning them a /24 would be a stretch. Since the space we let them use is in 209.x.x.x, it seems their route wouldn't get far. So how do they make their internet connection more reliable? Use IP space from each of their providers and play games with DNS and NAT?
Yes, or get their provider to give them a chunk of swamp space (which a few have tucked away), multihome with the same provider, or find a way to justify a routable allocation. None of these are, IMO, very good solutions. Austin
Wouldn't it be nice if backbones got around to simply charging for announcements and quit this arbitrary filtering?
thanks geoff. :-) and how would charging for announcements have ameliorated the 129/8 disaster? ahhh, when they tried to announce those 50k /24s, the check would have bounced! randy
Without trying to talk about this specific class B incident, what would the "official" line be if a customer with their own class B designed to announce half with one transit provider on the West Coast, and the other half with another transit provider on the East Coast? I don't think I have heard of customers being required to maintain contiguous networks. Deepak Jain AiNET On Fri, 3 Dec 1999, Randy Bush wrote:
Wouldn't it be nice if backbones got around to simply charging for announcements and quit this arbitrary filtering?
thanks geoff. :-)
and how would charging for announcements have ameliorated the 129/8 disaster? ahhh, when they tried to announce those 50k /24s, the check would have bounced!
randy
That depends. Many operators of /24s would be happy to pay, within reason. This would provide plenty of cash to upgrade routers. Right now I am looking at ~$1000/Gbps from various colo providers, for a site that is expected to go over 1Tbps (Yes, that's a Tera-bit per second), in 18 months. The site, with Dev/QA/Stage/Production, could easily burn a /24, but no more than that. (One of our requirements is a provider with LOTS of dark-fiber and cold-potato routing, as a result.) We are looking into distributing the load geographically, which also covers Big-D disasters. Now we have a multi-homing problem unless we use the same provider in both locations. Business-wise, this is not acceptable, to be locked-in, in this way. Considering the amount of money involved, do you still doubt that my client would be willing to pay reasonable fees, to announce their /24? Don't you think that the presence of this cash would cover the check? We've already established that the only technical issue is the capital expense ($cash$) required to upgrade backbone routers.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Randy Bush Sent: Friday, December 03, 1999 5:20 AM To: Tony Li Cc: nanog@merit.edu Subject: Re: Verio Decides what parts of the internet to drop
Wouldn't it be nice if backbones got around to simply charging for announcements and quit this arbitrary filtering?
thanks geoff. :-)
and how would charging for announcements have ameliorated the 129/8 disaster? ahhh, when they tried to announce those 50k /24s, the check would have bounced!
randy
Who exactly would these operators pay? one check per asn? Who is a backbone, etc, etc. Great fun if you are a lawyer I suppose. Really I think most of the operators are too busy building their networks to worry about how to give more money to lawyers and accountants. I believe there will be a BOF on "micro" allocations at the next Nanog meeting, I would be interested in seeing the parties that benefit from this, to come up with a proposal that can determine fairly and with simple metrics determines who gets one. This is not exactly a new problem, the ARIN advisory council has been looking at it for 2 years, and no one has yet been able to come up with a policy that network providers, registries and end users could live with.
In message <013601bf3db2$8714e5f0$ecaf6cc7@lvrmr.mhsc.com>, "Roeland M.J. Meyer" writes:
That depends. Many operators of /24s would be happy to pay, within reason. This would provide plenty of cash to upgrade routers. Right now I am looking at ~$1000/Gbps from various colo providers, for a site that is expected to go over 1Tbps (Yes, that's a Tera-bit per second), in 18 months. The site, with Dev/QA/Stage/Production, could easily burn a /24, but no more than that. (One of our requirements is a provider with LOTS of dark-fiber and cold-potato routing, as a result.) We are looking into distributing the load geographically, which also covers Big-D disasters. Now we have a multi-homing problem unless we use the same provider in both locations. Business-wise, this is not acceptable, to be locked-in, in this way.
Considering the amount of money involved, do you still doubt that my client would be willing to pay reasonable fees, to announce their /24? Don't you think that the presence of this cash would cover the check? We've already established that the only technical issue is the capital expense ($cash$) required to upgrade backbone routers.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Randy Bush Sent: Friday, December 03, 1999 5:20 AM To: Tony Li Cc: nanog@merit.edu Subject: Re: Verio Decides what parts of the internet to drop
Wouldn't it be nice if backbones got around to simply charging for announcements and quit this arbitrary filtering?
thanks geoff. :-)
and how would charging for announcements have ameliorated the 129/8 disaster? ahhh, when they tried to announce those 50k /24s, the check would have bounced!
randy
--- jerry@fc.net
The memory for the routing tables was a deal just about 2 years ago; this became easier to maintain big tables today (when routers can be easily upgraded to 256 MB RAM). And from my point of view, the address space conservation is just much more important than preventing extra /19 or /20 routes to exist in the global Internet. You surely use plenty of money to improve throughput, not the routing tables limits. Alex. On Fri, 3 Dec 1999, Roeland M.J. Meyer wrote:
Date: Fri, 3 Dec 1999 09:19:14 -0800 From: Roeland M.J. Meyer <rmeyer@mhsc.com> To: 'Randy Bush' <randy@psg.com>, 'Tony Li' <tony1@home.net> Cc: nanog@merit.edu Subject: RE: Verio Decides what parts of the internet to drop
That depends. Many operators of /24s would be happy to pay, within reason. This would provide plenty of cash to upgrade routers. Right now I am looking at ~$1000/Gbps from various colo providers, for a site that is expected to go over 1Tbps (Yes, that's a Tera-bit per second), in 18 months. The site, with Dev/QA/Stage/Production, could easily burn a /24, but no more than that. (One of our requirements is a provider with LOTS of dark-fiber and cold-potato routing, as a result.) We are looking into distributing the load geographically, which also covers Big-D disasters. Now we have a multi-homing problem unless we use the same provider in both locations. Business-wise, this is not acceptable, to be locked-in, in this way.
Considering the amount of money involved, do you still doubt that my client would be willing to pay reasonable fees, to announce their /24? Don't you think that the presence of this cash would cover the check? We've already established that the only technical issue is the capital expense ($cash$) required to upgrade backbone routers.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Randy Bush Sent: Friday, December 03, 1999 5:20 AM To: Tony Li Cc: nanog@merit.edu Subject: Re: Verio Decides what parts of the internet to drop
Wouldn't it be nice if backbones got around to simply charging for announcements and quit this arbitrary filtering?
thanks geoff. :-)
and how would charging for announcements have ameliorated the 129/8 disaster? ahhh, when they tried to announce those 50k /24s, the check would have bounced!
randy
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
Agreed - At this point, even an extra 50K routes would be well within the limits of almost every provider's BGP speaking routers. Preserving the integrity of the IP address allocation process means NOT penalizing folks who want to use the smallest possible block for their multihomed enterprise. We must recognize that the paradigm for multihomed sites has changed in the last two years, from just ISPs and extremely large enterprises, to smaller electronic commerce businesses. Internet access has gone from being a luxury, to being a utility. As a practical stand, almost every ISP that has space in the old Class B space, also has CIDR space where /24s are almost universally routed. So, the e-commerce concern can always ask for some of the latter. The question is, why draw the distinction at this point? Networks should aggregate as many routes as possible, of course, but why penalize folks who don't wish to be wedded to the outdated concept of a class b network block? It's not like we're using 2501s with 16MB anymore... -------------------------------------------------------------- Daniel L. Golding * Senior Network Engineer Network Engineering * Mindspring Enterprises dgolding@mindspring.net * -------------------------------------------------------------- On Sun, 5 Dec 1999, Alex P. Rudnev wrote:
The memory for the routing tables was a deal just about 2 years ago; this became easier to maintain big tables today (when routers can be easily upgraded to 256 MB RAM). And from my point of view, the address space conservation is just much more important than preventing extra /19 or /20 routes to exist in the global Internet.
You surely use plenty of money to improve throughput, not the routing tables limits.
Alex.
On Fri, 3 Dec 1999, Roeland M.J. Meyer wrote:
Date: Fri, 3 Dec 1999 09:19:14 -0800 From: Roeland M.J. Meyer <rmeyer@mhsc.com> To: 'Randy Bush' <randy@psg.com>, 'Tony Li' <tony1@home.net> Cc: nanog@merit.edu Subject: RE: Verio Decides what parts of the internet to drop
That depends. Many operators of /24s would be happy to pay, within reason. This would provide plenty of cash to upgrade routers. Right now I am looking at ~$1000/Gbps from various colo providers, for a site that is expected to go over 1Tbps (Yes, that's a Tera-bit per second), in 18 months. The site, with Dev/QA/Stage/Production, could easily burn a /24, but no more than that. (One of our requirements is a provider with LOTS of dark-fiber and cold-potato routing, as a result.) We are looking into distributing the load geographically, which also covers Big-D disasters. Now we have a multi-homing problem unless we use the same provider in both locations. Business-wise, this is not acceptable, to be locked-in, in this way.
Considering the amount of money involved, do you still doubt that my client would be willing to pay reasonable fees, to announce their /24? Don't you think that the presence of this cash would cover the check? We've already established that the only technical issue is the capital expense ($cash$) required to upgrade backbone routers.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Randy Bush Sent: Friday, December 03, 1999 5:20 AM To: Tony Li Cc: nanog@merit.edu Subject: Re: Verio Decides what parts of the internet to drop
Wouldn't it be nice if backbones got around to simply charging for announcements and quit this arbitrary filtering?
thanks geoff. :-)
and how would charging for announcements have ameliorated the 129/8 disaster? ahhh, when they tried to announce those 50k /24s, the check would have bounced!
randy
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
Wouldn't it be nice if backbones got around to simply charging for announcements and quit this arbitrary filtering?
thanks geoff. :-)
and how would charging for announcements have ameliorated the 129/8 disaster? ahhh, when they tried to announce those 50k /24s, the check would have bounced!
Thanks Sean! ;-)
Let us please be very clear here. There are multiple problems. First, there is the problem of overall size of the routing table (and proportional costs in BGP processing and convergence time, etc.). Second, there is a reasonable requirement for sanity checking and authentication in announcements. Third, there is an alleged correlation between prefix length and route flap.
We currently have one hammer (filtering) that has been used to drive the above machine screw, ice piton, and cup hook, respectively.
I was not and am not suggesting that anyone stop all filtering. I am suggesting that a sane prefix settlement scheme would allow us to dispense with the filtering policies that are currently in place and would allow the backbone to globally distribute any prefix, regardless of prefix length, if only the originator has paid enough money and informed people first.
You want to inject a /32? Go right ahead. Send your check to your provider and it can be made to happen. This is the only sane mechanism to divide up a limited resource (global prefix slots) amongst an otherwise unlimited demand (domains with prefixes).
Now I don't claim to be a policy wonk and I don't have the slightest idea of how to make this equitable and fair for all, but I do know that this would result in an outcome that would give us routing tables far smaller than our current 67k entries.
I'll also note that this would also decrease the pressure on the address space. No need to go get a /19 if I can get my /23 globally advertised.
The sanity checking and policy checking requirements would indeed require filtering, but perhaps this is simply an extension of filtering any advertisements that you haven't received payment for. This will prevent you from accidentally receiving 50k of anything, not just /24's.
The correlation with route flap should be re-examined. I suspect that this is no longer a driving force and is more than adequately compensated for by having flap damping parameters that scale geometrically with the prefix length.
Regards, Tony
It should be your problem. You simply lose part of the connectivity...
The real world is more complex than you have drawn below. There are many reasons causing people to announce class-B networks with the short prefixes.
On Thu, 2 Dec 1999, Randy Bush wrote:
Date: Thu, 02 Dec 1999 13:00:17 -0800 From: Randy Bush <rbush@bainbridge.verio.net> To: doug@safeport.com Cc: nanog@merit.edu Subject: Re: Verio Decides what parts of the internet to drop
Apparently for their convenience Verio has decided what parts of the Internet I can get to.
verio does not accept from peers announcements of prefixes in classic b space longer than the allocations of the regional registries.
we believe our customers and the internet as a whole will be less inconvenienced by our not listening to sub-allocation prefixes than to have major portions of the network down as has happened in the past. some here may remember the 129/8 disaster which took significant portions of the net down for up to two days.
the routing databases are not great, and many routers can not handle ACLs big enough to allow a large to irr filter large peers. and some large peers do not register routes.
so we and others filter at allocation boundaries and have for a long time. we assure you we do not do it without serious consideration or to torture nanog readers.
With no notification.
verio's policy has been constant and public.
randy
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
I've been lurking and looking at this conversation too long ... my head is spinning. Alex says there are many reasons causing people to announce B nets with short prefixes, and he is entirely right. The primary one would be that a client, by some inexplicable reasoning, expects their Internet service to be up and running reliably at least 95% of the time.
The disturbing message I have been able to glean from this thread is that:
- If you need reliability, get a /19
- If you are a small customer, using only a /24 for connectivity (and thus helping to slow depletion) you are not BIG enough to expect multi-path reliability into your network
- If you are a big provider, not only do you not have to provide a consistent level of service to your customers, but you are free to block them (and anyone else from other providers) arbitrarily when they spend a good deal of money to augment your service with someone else's
The gist of the conversation, IMO, is that customers can't have reliability with one provider, but they will be blocked from having reliability through multiple providers if their addresses happen to be in the "wrong" space. Something's wrong with that.
Cheers.
Travis Eeeevillll consultant
----- Original Message ----- From: Alex P. Rudnev <alex@virgin.relcom.eu.net> To: Randy Bush <rbush@bainbridge.verio.net> Cc: <doug@safeport.com>; <nanog@merit.edu> Sent: Saturday, December 04, 1999 5:08 PM Subject: Re: Verio Decides what parts of the internet to drop
It should be your problem. You simply lose part of the connectivity...
The real world is more complex than you have drawn below. There are many reasons causing people to announce class-B networks with the short prefixes.
On Thu, 2 Dec 1999, Randy Bush wrote:
Date: Thu, 02 Dec 1999 13:00:17 -0800 From: Randy Bush <rbush@bainbridge.verio.net> To: doug@safeport.com Cc: nanog@merit.edu Subject: Re: Verio Decides what parts of the internet to drop
Apparently for their convenience Verio has decided what parts of the Internet I can get to.
verio does not accept from peers announcements of prefixes in classic b space longer than the allocations of the regional registries.
we believe our customers and the internet as a whole will be less inconvenienced by our not listening to sub-allocation prefixes than to have major portions of the network down as has happened in the past. some here may remember the 129/8 disaster which took significant portions of the net down for up to two days.
the routing databases are not great, and many routers can not handle ACLs big enough to allow a large to irr filter large peers. and some large peers do not register routes.
so we and others filter at allocation boundaries and have for a long time. we assure you we do not do it without serious consideration or to torture nanog readers.
With no notification.
verio's policy has been constant and public.
randy
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
The unfortunate reality is that there are a lot of businesses that need 99.99% reliability and uptime, but aren't big enough to get a /19.
My previous company was a credit card processing gateway. If they went down, their customers were screwed. But they hadn't even used a Class C, so they weren't eligible for a /19 or /20 from ARIN.
My point is that the current requirement that a network must have a large chunk of IP space to be multi-homed is not ideal. According to the status quo, while an e-commerce company such as a credit card processor may be big in the business world and worth millions, but insignificant on the Net and left vulnerable because it can't be multi-homed.
-- James Smith, CCNA Network/System Administrator DXSTORM.COM http://www.dxstorm.com/
DXSTORM Inc. 2140 Winston Park Drive, Suite 203 Oakville, ON, CA L6H 5V5 Tel: 905-829-3389 (email preferred) Fax: 905-829-5692 1-877-DXSTORM (1-877-397-8676)
On Sat, 4 Dec 1999, Travis Pugh wrote:
I've been lurking and looking at this conversation too long ... my head is spinning. Alex says there are many reasons causing people to announce B nets with short prefixes, and he is entirely right. The primary one would be that a client, by some inexplicable reasoning, expects their Internet service to be up and running reliably at least 95% of the time.
The disturbing message I have been able to glean from this thread is that:
- If you need reliability, get a /19
- If you are a small customer, using only a /24 for connectivity (and thus helping to slow depletion) you are not BIG enough to expect multi-path reliability into your network
- If you are a big provider, not only do you not have to provide a consistent level of service to your customers, but you are free to block them (and anyone else from other providers) arbitrarily when they spend a good deal of money to augment your service with someone else's
The gist of the conversation, IMO, is that customers can't have reliability with one provider, but they will be blocked from having reliability through multiple providers if their addresses happen to be in the "wrong" space. Something's wrong with that.
Cheers.
Travis Eeeevillll consultant
----- Original Message ----- From: Alex P. Rudnev <alex@virgin.relcom.eu.net> To: Randy Bush <rbush@bainbridge.verio.net> Cc: <doug@safeport.com>; <nanog@merit.edu> Sent: Saturday, December 04, 1999 5:08 PM Subject: Re: Verio Decides what parts of the internet to drop
It should be your problem. You simply lose part of the connectivity...
The real world is more complex than you have drawn below. There are many reasons causing people to announce class-B networks with the short prefixes.
On Thu, 2 Dec 1999, Randy Bush wrote:
Date: Thu, 02 Dec 1999 13:00:17 -0800 From: Randy Bush <rbush@bainbridge.verio.net> To: doug@safeport.com Cc: nanog@merit.edu Subject: Re: Verio Decides what parts of the internet to drop
Apparently for their convenience Verio has decided what parts of the Internet I can get to.
verio does not accept from peers announcements of prefixes in classic b space longer than the allocations of the regional registries.
we believe our customers and the internet as a whole will be less inconvenienced by our not listening to sub-allocation prefixes than to have major portions of the network down as has happened in the past. some here may remember the 129/8 disaster which took significant portions of the net down for up to two days.
the routing databases are not great, and many routers can not handle ACLs big enough to allow a large to irr filter large peers. and some large peers do not register routes.
so we and others filter at allocation boundaries and have for a long time. we assure you we do not do it without serious consideration or to torture nanog readers.
With no notification.
verio's policy has been constant and public.
randy
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
As a side note, the filtering policies would seem to attach more value to addresses in the old class C space, as it is feasible for a customer to multihome and get through filters with these addresses. Has anyone seen any amount of service provider selection based on which address space they would allocate from?
Travis
----- Original Message ----- From: James Smith <jsmith@dxstorm.com> To: Travis Pugh <tdp@discombobulated.net> Cc: Alex P. Rudnev <alex@virgin.relcom.eu.net>; <nanog@merit.edu> Sent: Saturday, December 04, 1999 7:21 PM Subject: Re: Verio Decides what parts of the internet to drop
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
may be - but it should be written in the RFC, not in the VERIO's policy. The global policy must be THE SAME over the global Internet.
On Sat, 4 Dec 1999, Travis Pugh wrote:
Date: Sat, 4 Dec 1999 18:44:08 -0500 From: Travis Pugh <tdp@discombobulated.net> To: Alex P. Rudnev <alex@virgin.relcom.eu.net> Cc: nanog@merit.edu Subject: Re: Verio Decides what parts of the internet to drop
I've been lurking and looking at this conversation too long ... my head is spinning. Alex says there are many reasons causing people to announce B nets with short prefixes, and he is entirely right. The primary one would be that a client, by some inexplicable reasoning, expects their Internet service to be up and running reliably at least 95% of the time.
The disturbing message I have been able to glean from this thread is that:
- If you need reliability, get a /19
- If you are a small customer, using only a /24 for connectivity (and thus helping to slow depletion) you are not BIG enough to expect multi-path reliability into your network
- If you are a big provider, not only do you not have to provide a consistent level of service to your customers, but you are free to block them (and anyone else from other providers) arbitrarily when they spend a good deal of money to augment your service with someone else's
The gist of the conversation, IMO, is that customers can't have reliability with one provider, but they will be blocked from having reliability through multiple providers if their addresses happen to be in the "wrong" space. Something's wrong with that.
Cheers.
Travis Eeeevillll consultant
----- Original Message ----- From: Alex P. Rudnev <alex@virgin.relcom.eu.net> To: Randy Bush <rbush@bainbridge.verio.net> Cc: <doug@safeport.com>; <nanog@merit.edu> Sent: Saturday, December 04, 1999 5:08 PM Subject: Re: Verio Decides what parts of the internet to drop
It should be your problem. You simply lose part of the connectivity...
The real world is more complex than you have drawn below. There are many reasons causing people to announce class-B networks with the short prefixes.
On Thu, 2 Dec 1999, Randy Bush wrote:
Date: Thu, 02 Dec 1999 13:00:17 -0800 From: Randy Bush <rbush@bainbridge.verio.net> To: doug@safeport.com Cc: nanog@merit.edu Subject: Re: Verio Decides what parts of the internet to drop
Apparently for their convenience Verio has decided what parts of the Internet I can get to.
verio does not accept from peers announcements of prefixes in classic b space longer than the allocations of the regional registries.
we believe our customers and the internet as a whole will be less inconvenienced by our not listening to sub-allocation prefixes than to have major portions of the network down as has happened in the past. some here may remember the 129/8 disaster which took significant portions of the net down for up to two days.
the routing databases are not great, and many routers can not handle ACLs big enough to allow a large to irr filter large peers. and some large peers do not register routes.
so we and others filter at allocation boundaries and have for a long time. we assure you we do not do it without serious consideration or to torture nanog readers.
With no notification.
verio's policy has been constant and public.
randy
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
Absolutely. A standard would give ground rules, and would be something to point to when you have to go to a client or customer and say "these are your options." Instead, we are looking at a routing system where some traffic will flow on some networks if it is a longer subnet of a class B address, and will not flow on some networks based on arbitrary filter decisions. Some kind of RFC based consistency would be great.
Cheers.
Travis
----- Original Message ----- From: Alex P. Rudnev <alex@virgin.relcom.eu.net> To: Travis Pugh <tdp@discombobulated.net> Cc: <nanog@merit.edu> Sent: Sunday, December 05, 1999 2:56 AM Subject: Re: Verio Decides what parts of the internet to drop
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
Yes, you are quite right. Today, the policies of the biggest ISP does replace such RFC's. It's not the worst case.
Alex.
On Sun, 5 Dec 1999, Randy Bush wrote:
Date: Sun, 05 Dec 1999 08:59:28 -0800 From: Randy Bush <randy@psg.com> To: Alex P. Rudnev <alex@virgin.relcom.eu.net> Cc: nanog@merit.edu Subject: Re: Verio Decides what parts of the internet to drop
may be - but it should be written in the RFC, not in the VERIO's policy. The global policy must be THE SAME over the global Internet.
why?
and a hint: something similar is in most large isps' policies.
randy
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
doug@safeport.com wrote:
IMHOTS
Apparently for their convenience Verio has decided what parts of the Internet I can get to. With no notification. This was (eventually) posted to the BSDI mailing list when some of us were cut from access to the site we need to maintain our OS.
Actually, this is a fairly common routing policy. I think you will find other networks do the same thing. It is an entirely sane thing to do, and it helps force people to aggregate their routing announcements properly.
Also, it protects you against fat-fingers that people sometimes do (one time UUnet announced 50k extra /24s in classful B space).
Alec
-- Alec H. Peterson - ahp@hilander.com Staff Scientist CenterGate Research Group - http://www.centergate.com "Technology so advanced, even _we_ don't understand it!"
Date: Wed, 1 Dec 1999 01:15:07 +0000 From: Wade Moeller <wmoeller@noc.verio.net> To: smike@provide.net Cc: Case Updates <updates@vanwebserv.verio.net> ......
BBNPlanet (AS1) and then onto Colorado Internet Cooperative Association (AS3404) and Simple Network Communications, Inc. (AS10487). Those last two companies need to consolidate their announcements so that they are able to announce the entire /16. Alternatively they may ask BBNPlanet to aggregate the /17s into one /16 which we will listen to. These are the only 2 actions that will let Verio's routers see those networks and route to them.
-- Wade Moeller Network Tech I wmoeller@noc.verio.net (800)551-1630
Alternatively, 3404 & 10487 could insist that Verio consolidate all the prefixes they announce into no more than eight prefixes. Verio seems to be pushing back on ARIN, which has clearly stated that any delegations it makes have no assurance of routability. That's not fair to ARIN.
Just my 0.02 yuan
Btw, it's a crazy idea. I know a lot of 128-191.* networks with /19 and even /24 prefixes, and they should be routed independently.
On Thu, 2 Dec 1999 doug@safeport.com wrote:
Date: Thu, 02 Dec 1999 15:46:15 -0500 From: doug@safeport.com To: nanog@merit.edu Subject: Verio Decides what parts of the internet to drop
IMHOTS
Apparently for their convenience Verio has decided what parts of the Internet I can get to. With no notification. This was (eventually) posted to the BSDI mailing list when some of us were cut from access to the site we need to maintain our OS.
For this I pay them.
Doug Denault --------------
"John A." wrote:
Here's a little more light on the subject. This is a message we received from Verio explaining why anybody that goes through their network can't get to bsdi. Because of this message, we are considering moving to a different backbone.
John A. Provide.Net Ypsilanti, MI
Date: Wed, 1 Dec 1999 01:15:07 +0000 From: Wade Moeller <wmoeller@noc.verio.net> To: smike@provide.net Cc: Case Updates <updates@vanwebserv.verio.net> Subject: [v-666704] Routing to BSDI.com X-Mailer: Mutt 0.95.1i X-Disclaimer: My opinions are mine, and not those of anyone else.
Hello there. I am writing in regards to case #666704. You have opened this ticket complaining that you cannot reach bsdi.com. I am going to explain to you exactly what is happening and who needs to fix this.
What is happening: Cray Computer Corp. split up their Class B into two /17 networks and gave routing control over those IPs to 2 different ISPs. Below are the routes being announced and the IP delegation from ARIN.
First half of the Class B:
BGP routing table entry for 134.195.0.0/17, version 15625171
Paths: (7 available, best #3)
  Advertised to peer-groups:
     internal pop rr-pop
  1 3404
    165.117.56.98 (metric 33) from 165.117.1.145 (165.117.1.145)
      Origin incomplete, metric 4294967294, localpref 100, valid, internal
      Community: 1:1000 2548:183 2548:666 3706:153
Second half of the Class B:
BGP routing table entry for 134.195.128.0/17, version 15624883
Paths: (19 available, best #13)
  Advertised to peer-groups:
     internal pop rr-pop
  1 10487
    165.117.56.98 (metric 33) from 165.117.1.145 (165.117.1.145)
      Origin IGP, metric 4294967294, localpref 100, valid, internal
      Community: 1:1000 2548:183 2548:666 3706:153
Arin Delegation: Cray Computer Corporation (NET-CRAYCOS) P.O. Box 17500 Colorado Springs, CO 80935
Netname: CRAYCOS Netnumber: 134.195.0.0
Verio has a BGP policy where we limit what announcements we will listen to when they are advertised to us. This is to keep the size of the routing table in check. The policy is as follows:
0.0.0.0-127.255.255.255 Verio will listen to no announcements less than a /20
128.0.0.0-191.255.255.255 Verio will listen to no announcement less than a /16
192.0.0.0-223.255.255.255 Verio will listen to no announcement less than a /24.
We have modeled this after the allocation boundaries in use by ARIN, IE ARIN will not give out a /17 in the 128.0.0.0-191.255.255.255 IP space.
Therefore we are ignoring the two /17 announcements since we will only accept them as a single /16 announcement.
This is the current Verio policy and this is the future Verio policy. There has been much discussion of this policy and it is still in place so it will not be changing in the foreseeable future.
Who needs to fix this: As you can see the routes for each net-block is going through BBNPlanet (AS1) and then onto Colorado Internet Cooperative Association (AS3404) and Simple Network Communications, Inc. (AS10487). Those last two companies need to consolidate their announcements so that they are able to announce the entire /16. Alternatively they may ask BBNPlanet to aggregate the /17s into one /16 which we will listen to. These are the only 2 actions that will let Verio's routers see those networks and route to them.
If you have any further questions please do not hesitate to ask.
-- Wade Moeller Network Tech I wmoeller@noc.verio.net (800)551-1630 Here an OS, there an OS....I need more computers.
-- Douglas Denault support@safeport.com Voice: 301-469-8766 Fax: 301-469-0601
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
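The allocation-boundary filter described in the quoted Verio NOC message can be checked mechanically. The following is an added example, not Verio's router configuration or any poster's code: the function names are hypothetical, the policy table and the two /17 prefixes are taken from the message, and the remaining sample prefixes are constructed.

```python
"""Allocation-boundary prefix filter, modelled on the policy table in the
quoted NOC message. Added illustration only; all function names are
hypothetical and this is not a router configuration."""
import ipaddress

# (first address, last address, longest prefix length accepted),
# copied from the three policy lines in the message.
POLICY = [
    ("0.0.0.0", "127.255.255.255", 20),
    ("128.0.0.0", "191.255.255.255", 16),
    ("192.0.0.0", "223.255.255.255", 24),
]
_RANGES = [
    (int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi)), maxlen)
    for lo, hi, maxlen in POLICY
]


def max_prefix_len(network):
    """Longest accepted prefix length for the range holding `network`, or None."""
    first = int(network.network_address)
    last = int(network.broadcast_address)
    for lo, hi, maxlen in _RANGES:
        if lo <= first and last <= hi:
            return maxlen
    return None  # outside the table, or straddling two ranges


def accept(prefix):
    """Return (accepted, reason) for an announcement given as 'a.b.c.d/len'."""
    try:
        net = ipaddress.IPv4Network(prefix, strict=True)
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"
    limit = max_prefix_len(net)
    if limit is None:
        return False, "not covered by the policy table"
    if net.prefixlen > limit:
        return False, f"/{net.prefixlen} is longer than /{limit}"
    return True, f"/{net.prefixlen} is within /{limit}"


def aggregate(prefixes):
    """Collapse adjacent announcements into the shortest covering prefixes."""
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def deaggregate(prefix, new_len):
    """Split one prefix into all of its /new_len more-specifics."""
    net = ipaddress.IPv4Network(prefix)
    return [str(n) for n in net.subnets(new_prefix=new_len)]


def filter_table(prefixes):
    """Split announcements into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for p in prefixes:
        (accepted if accept(p)[0] else rejected).append(p)
    return accepted, rejected


if __name__ == "__main__":
    # The two announcements from the message, then their aggregate.
    halves = ["134.195.0.0/17", "134.195.128.0/17"]
    for p in halves + aggregate(halves):
        print(p, accept(p))

    # Constructed leak: one classful B block announced as /24s.
    leak = deaggregate("134.195.0.0/16", 24)
    ok, dropped = filter_table(leak)
    print(f"leak of {len(leak)} /24s: {len(ok)} accepted, {len(dropped)} dropped")

    # Constructed prefixes on either side of the other two boundaries.
    for p in ["10.0.0.0/20", "10.16.0.0/21", "192.0.2.0/24", "192.0.2.0/25"]:
        print(p, accept(p))
```

The same check rejects both a legitimately multihomed /17 and an accidental burst of /24s, which is the trade-off the thread argues over.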
participants (17)
- Alec H. Peterson
- Alex P. Rudnev
- Alex Rubenstein
- Austin Schutz
- bmanning@vacation.karoshi.com
- Daniel Golding
- Deepak Jain
- doug@safeport.com
- James Smith
- Jared Mauch
- Jeremy Porter
- jlewis@lewis.org
- Randy Bush
- Randy Bush
- Roeland M.J. Meyer
- Tony Li
- Travis Pugh