Re: Re: What is the most standard subnet length on internet
Hi all,

I appreciate that many people gave me advice. Some people asked me about my questions; I'm sorry that I couldn't reply to everyone. Because of your help, I could get many opinions and standards regarding IP allocation policy.

By the way, in APNIC's IP allocation sizes policy, there is a comment like the one below.

"Below are the minimum sizes for allocations and assignments. This information is provided at the request of the ISP community to assist in filtering policy decisions."

Currently, is there any provider filtering routes under the LIR's minimum allocation size, such as /22?

Best regards,

=============================================
Chi-Young Joung
SAMSUNG NETWORKS Inc.
Email: lionair@samsung.com
Tel +82 70 7015 0623, Mobile +82 17 520 9193
Fax +82 70 7016 0031
=============================================

------- Original Message -------
Sender : Danny McPherson<danny@tcb.net>
Date : 2008-12-21 02:42 (GMT+09:00)
Title : Re: What is the most standard subnet length on internet

On Dec 18, 2008, at 9:43 PM, 정치영 wrote:
Suresh,
Yes, I guess my concern is close to the second meaning.
It seems so simple. Currently an announcement of a /24 seems to be okay; most upstream providers accept this. However, I wonder if there is any ground rule based on any standard or official recommendation. If there is some standardized rule about the prefix length to be announced, I will make the BGP & IP allocation policy of each data center of my company, and I will be able to more fairly and squarely say to my customers: "You have to change your server's IP address if you want to move your server to another place."
Some useful guidance is provided here (and in subsequent references) as well:

An Architecture for IP Address Allocation with CIDR
<http://tools.ietf.org/html/rfc1518>

Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy
<http://tools.ietf.org/html/rfc1519>

Network Renumbering Overview
<http://tools.ietf.org/html/rfc2071>

A Framework for Inter-Domain Route Aggregation
<http://tools.ietf.org/html/rfc2519>

HTH,
-danny
정치영 wrote:
Hi all,
I appreciate that many people gave me advice. Some people asked me about my questions; I'm sorry that I couldn't reply to everyone. Because of your help, I could get many opinions and standards regarding IP allocation policy.
By the way, in APNIC's IP allocation sizes policy, there is a comment like the one below. "Below are the minimum sizes for allocations and assignments. This information is provided at the request of the ISP community to assist in filtering policy decisions." Currently, is there any provider filtering routes under the LIR's minimum allocation size, such as /22?
Anyone running a platform that can't take a full table would apply such a filter to weed out anyone who likes to announce all of their space as /24's for "traffic engineering". If one does that and doesn't announce the aggregate as well, one could find themselves facing random black holes. ~Seth
On 23/12/2008, at 1:31 PM, Seth Mattinen wrote:
Anyone running a platform that can't take a full table would apply such a filter to weed out anyone who likes to announce all of their space as /24's for "traffic engineering". If one does that and doesn't announce the aggregate as well, one could find themselves facing random black holes.
People are filtering /24s without a 0/0 route? -- Nathan Ward
Nathan Ward wrote:
On 23/12/2008, at 1:31 PM, Seth Mattinen wrote:
Anyone running a platform that can't take a full table would apply such a filter to weed out anyone who likes to announce all of their space as /24's for "traffic engineering". If one does that and doesn't announce the aggregate as well, one could find themselves facing random black holes.
People are filtering /24s without a 0/0 route?
I was just referring to LIR boundaries, but yes, I've seen it happen where someone splits their /22 into only /24s and doesn't announce the covering /22. ~Seth
On 23/12/2008, at 2:24 PM, Seth Mattinen wrote:
Nathan Ward wrote:
On 23/12/2008, at 1:31 PM, Seth Mattinen wrote:
Anyone running a platform that can't take a full table would apply such a filter to weed out anyone who likes to announce all of their space as /24's for "traffic engineering". If one does that and doesn't announce the aggregate as well, one could find themselves facing random black holes.
People are filtering /24s without a 0/0 route?
I was just referring to LIR boundaries, but yes, I've seen it happen where someone splits their /22 into only /24s and doesn't announce the covering /22.
Yes, it happens all the time. Let me rephrase; Are there people who are filtering /24s received from eBGP peers who do not have a default route? I mean the networks who receive those prefixes, not the ones who advertise them. -- Nathan Ward
On Tue, Dec 23, 2008 at 02:34:39PM +1300, Nathan Ward wrote: [snip]
Let me rephrase; Are there people who are filtering /24s received from eBGP peers who do not have a default route?
of course. -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
On 23/12/2008, at 2:39 PM, Joe Provo wrote:
On Tue, Dec 23, 2008 at 02:34:39PM +1300, Nathan Ward wrote: [snip]
Let me rephrase; Are there people who are filtering /24s received from eBGP peers who do not have a default route?
of course.
Curiously, it was really meant as a rhetorical question where the answer was "no". Why are people doing this? Are they lacking clue, or, is there some reasonable purpose? -- Nathan Ward
BGP Hijacking. Fully peered network A accepts routes from its peers based on prefix allocation to AS maps. Network B, which is either pathological (criminal, or bent on censorship) or lacking clue, propagates /24 subnet of Network C's CIDR (Pakistan/YouTube anyone). If network A accepts Network B's announcement, then connectivity from network A to the /24 announced by Network B (which isn't really connected to network B) is either lost, or worse, hijacked.
-----Original Message-----
From: Nathan Ward [mailto:nanog@daork.net]
Sent: Monday, December 22, 2008 5:45 PM
To: nanog list
Subject: Re: What is the most standard subnet length on internet
On 23/12/2008, at 2:39 PM, Joe Provo wrote:
On Tue, Dec 23, 2008 at 02:34:39PM +1300, Nathan Ward wrote: [snip]
Let me rephrase; Are there people who are filtering /24s received from eBGP peers who do not have a default route?
of course.
Curiously, it was really meant as a rhetorical question where the answer was "no".
Why are people doing this? Are they lacking clue, or, is there some reasonable purpose?
-- Nathan Ward
On Tue, 23 Dec 2008 14:44:46 +1300, Nathan Ward said:
Why are people doing this? Are they lacking clue, or, is there some reasonable purpose?
The total number of routing cluons is apparently a fixed quantity. The number of AS's is known to be increasing. Do the math.
Snarky replies aside, it might be interesting to hear if there are any real examples of this being done intentionally and not out of not knowing better or otherwise configuration error. For example, Tomas Byrnes's suggestion re: hijacking; although, I suspect that in that case, he's speaking of someone doing this filtering on a one-off basis and not on all /24's in the DFZ.

- S

-----Original Message-----
From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
Sent: Monday, December 22, 2008 10:05 PM
To: Nathan Ward
Cc: nanog list
Subject: Re: What is the most standard subnet length on internet

On Tue, 23 Dec 2008 14:44:46 +1300, Nathan Ward said:
Why are people doing this? Are they lacking clue, or, is there some reasonable purpose?
The total number of routing cluons is apparently a fixed quantity. The number of AS's is known to be increasing. Do the math.
I help a buddy who works for a small ISP. I believe they're ignoring or null routing large chunks of APNIC. Their customers are aware of the policy, and cool with it. Port scanning and other malicious stuff dropped 50% afterwards.

Chuck

-----Original Message-----
From: Skywing [mailto:Skywing@valhallalegends.com]
Sent: Monday, December 22, 2008 10:08 PM
To: Valdis.Kletnieks@vt.edu; Nathan Ward
Cc: nanog list
Subject: RE: What is the most standard subnet length on internet

Snarky replies aside, it might be interesting to hear if there are any real examples of this being done intentionally and not out of not knowing better or otherwise configuration error. For example, Tomas Byrnes's suggestion re: hijacking; although, I suspect that in that case, he's speaking of someone doing this filtering on a one-off basis and not on all /24's in the DFZ.

- S
On 23/12/2008, at 6:40 PM, Church, Charles wrote:
I help a buddy who works for a small ISP. I believe they're ignoring or null routing large chunks of APNIC. Their customers are aware of the policy, and cool with it. Port scanning and other malicious stuff dropped 50% afterwards.
That sort of thing is common, sure (unfortunately).

My question (comment?) is more around why people would filter /24 (or whatever) prefixes (i.e. when advertised a /24 prefix over BGP, not accept it, so they do not get a route for that /24), and then not have a default. That route is used for outgoing packets, not incoming ones (modulo RPF, etc.). The purpose of filtering the /24s is to keep the size of their RIB/FIB down, not to limit abuse or something.

If you are close to the edge of the network, filtering /24s is a low hanging fruit way to catch a whole lot of pointless routes that don't really gain you much performance benefit, but are going to cost you lots of RIB/FIB space. However, you really need to have a covering default, so you still have some way to reach the people in those /24s.
From: Skywing [mailto:Skywing@valhallalegends.com]
Snarky replies aside, it might be interesting to hear if there are any real examples of this being done intentionally and not out of not knowing better or otherwise configuration error. For example, Tomas Byrnes's suggestion re: hijacking; although, I suspect that in that case, he's speaking of someone doing this filtering on a one-off basis and not on all /24's in the DFZ.
Yep, that is what I'm interested in.

It would be perhaps an interesting exercise to only accept prefixes for which you do not have a covering prefix with the same next-hop, etc. I wonder if router vendors already do that internally as an optimisation when installing routes into the forwarding hardware? You would have to still have the routes in your RIB, but RIB RAM is cheap(er).

-- Nathan Ward
What I was describing is filtering the announcements of /24s that are part of larger allocations. Not filtering the announcements of "The Swamp".
-----Original Message-----
From: Skywing [mailto:Skywing@valhallalegends.com]
Sent: Monday, December 22, 2008 7:08 PM
To: Valdis.Kletnieks@vt.edu; Nathan Ward
Cc: nanog list
Subject: RE: What is the most standard subnet length on internet

Snarky replies aside, it might be interesting to hear if there are any real examples of this being done intentionally and not out of not knowing better or otherwise configuration error. For example, Tomas Byrnes's suggestion re: hijacking; although, I suspect that in that case, he's speaking of someone doing this filtering on a one-off basis and not on all /24's in the DFZ.

- S
Nathan Ward wrote:
Let me rephrase; Are there people who are filtering /24s received from eBGP peers who do not have a default route?
of course.
Curiously, it was really meant as a rhetorical question where the answer was "no".
Why are people doing this? Are they lacking clue, or, is there some reasonable purpose?
Memory mostly I think. /24 prefixes are ~ the half of all prefixes, but they cover only a small percent of the address space. If your router has > 6 full BGP sessions, you can filter /24 on half of them, your memory usage will drop significantly. -- Grzegorz Janoszka Leaseweb
Also, one of the reasons for not putting in a default route may be the recursive lookup in the routing table. If you have a multi-homed site within your network with a static route, and you use a next-hop IP address instead of a named interface, you will see the problem when you have a default route in the routing table.

For example, if you have "ip route 1.0.0.0 255.0.0.0 2.2.2.2" and the interface for 2.2.2.2 is down, 1.0.0.0/8 will still be in the routing table, because 2.2.2.2 can be reached via the default route (0.0.0.0/0) through the routing table's recursive lookup. Therefore the traffic for 1.0.0.0/8 will be forwarded to the "0.0.0.0/0" next-hop IP address, and the customer fail-over scenario will not work at all.

The only way to resolve this problem is... Actually, there are three:

1) Use a named interface such as "serial 1/0" instead of an "x.x.x.x" IP next-hop address. But sometimes this is not an option if you use an Ethernet circuit or something like a broadcast or NBMA network.
2) Use BGP with a private ASN...
3) Do not install a default route in your routing table.

Grzegorz Janoszka wrote:
Nathan Ward wrote:
Let me rephrase; Are there people who are filtering /24s received from eBGP peers who do not have a default route?
of course.
Curiously, it was really meant as a rhetorical question where the answer was "no".
Why are people doing this? Are they lacking clue, or, is there some reasonable purpose?
Memory mostly I think. /24 prefixes are ~ the half of all prefixes, but they cover only a small percent of the address space. If your router has > 6 full BGP sessions, you can filter /24 on half of them, your memory usage will drop significantly.
On Tue, Dec 23, 2008 at 08:25:40AM -0600, Alex H. Ryu wrote:
Also, one of the reasons for not putting in a default route may be the recursive lookup in the routing table. If you have a multi-homed site within your network with a static route, and you use a next-hop IP address instead of a named interface, you will see the problem when you have a default route in the routing table. For example, if you have "ip route 1.0.0.0 255.0.0.0 2.2.2.2" and the interface for 2.2.2.2 is down, 1.0.0.0/8 will still be in the routing table, because 2.2.2.2 can be reached via the default route (0.0.0.0/0) through the routing table's recursive lookup. Therefore the traffic for 1.0.0.0/8 will be forwarded to the "0.0.0.0/0" next-hop IP address, and the customer fail-over scenario will not work at all.
The only way to resolve this problem is... Actually, there are three: 1) Use a named interface such as "serial 1/0" instead of an "x.x.x.x" IP next-hop address. But sometimes this is not an option if you use an Ethernet circuit or something like a broadcast or NBMA network.
ip route 1.0.0.0 255.0.0.0 fa0/0 2.2.2.2

-- Brett
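The failure Alex describes and the interface-qualified static Brett gives as the fix, as an added example (not code from the thread): a small Python model of IOS-style recursive static-route resolution. The interface names, addresses, and the floating static with administrative distance 250 standing in for the "customer fail-over scenario" are assumptions made for illustration; the semantics modelled are that a next-hop-only static is installed whenever its next hop resolves through anything already in the table, including a default route.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[ipaddress.IPv4Address] = None  # None for connected routes
    interface: Optional[str] = None                    # egress interface, if the route names one
    distance: int = 1                                  # administrative distance (0 = connected)


class Router:
    """Toy RIB with IOS-style recursive static-route resolution (assumed semantics)."""

    def __init__(self):
        self.interfaces = {}  # name -> (connected network, link up?)
        self.statics = []

    def interface(self, name, cidr, up=True):
        self.interfaces[name] = (ipaddress.ip_network(cidr), up)

    def ip_route(self, prefix, next_hop=None, interface=None, distance=1):
        """Mirrors `ip route <prefix> [<interface>] [<next-hop>] [<distance>]`."""
        nh = ipaddress.ip_address(next_hop) if next_hop else None
        self.statics.append(Route(ipaddress.ip_network(prefix), nh, interface, distance))

    @staticmethod
    def _lpm(addr, routes):
        best = None
        for r in routes:
            if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best

    def rib(self):
        """Installed routes: connected routes of up links, plus each static whose named
        interface is up or, if it only names a next hop, whose next hop resolves through
        something already installed (a default route counts). For one prefix only the
        lowest administrative distance survives, which is what makes floating statics work."""
        installed = [Route(net, None, name, 0) for name, (net, up) in self.interfaces.items() if up]
        pending = list(self.statics)
        progress = True
        while progress:
            progress = False
            for s in list(pending):
                if s.interface is not None:
                    ok = self.interfaces.get(s.interface, (None, False))[1]
                else:
                    ok = self._lpm(s.next_hop, installed) is not None
                if ok:
                    installed.append(s)
                    pending.remove(s)
                    progress = True
        best = {}
        for r in installed:
            if r.prefix not in best or r.distance < best[r.prefix].distance:
                best[r.prefix] = r
        return list(best.values())

    def forward(self, dst):
        """Resolve dst down to (egress interface, adjacency address); None if unreachable."""
        rib = self.rib()
        hop = ipaddress.ip_address(dst)
        for _ in range(8):  # bound the recursion depth
            r = self._lpm(hop, rib)
            if r is None:
                return None
            if r.interface is not None:
                adjacency = r.next_hop if r.next_hop is not None else hop
                return (r.interface, str(adjacency))
            hop = r.next_hop
        return None


def build(default=True, qualify_primary=False, primary_link_up=False):
    """Constructed topology (an assumption, not from the thread): customer block 1.0.0.0/8
    reached via 2.2.2.2 on fa0/0, an upstream at 3.3.3.3 on fa0/1, and a backup path via
    4.4.4.4 on fa0/2 installed as a floating static (distance 250)."""
    r = Router()
    r.interface("fa0/0", "2.2.2.0/24", up=primary_link_up)
    r.interface("fa0/1", "3.3.3.0/24")
    r.interface("fa0/2", "4.4.4.0/24")
    if default:
        r.ip_route("0.0.0.0/0", "3.3.3.3")
    # Alex's `ip route 1.0.0.0 255.0.0.0 2.2.2.2`, or Brett's `... fa0/0 2.2.2.2`
    r.ip_route("1.0.0.0/8", "2.2.2.2", interface="fa0/0" if qualify_primary else None)
    r.ip_route("1.0.0.0/8", "4.4.4.4", distance=250)  # floating static = the fail-over path
    return r


if __name__ == "__main__":
    print("next-hop only, default present, fa0/0 down:", build().forward("1.1.1.1"))
    print("interface-qualified, default present, fa0/0 down:",
          build(qualify_primary=True).forward("1.1.1.1"))
    print("next-hop only, no default, fa0/0 down:", build(default=False).forward("1.1.1.1"))
```

With fa0/0 down and a default present, the next-hop-only static stays installed and wins on distance, so traffic for 1.0.0.0/8 is handed to the upstream at 3.3.3.3 instead of the backup at 4.4.4.4. Naming the interface (Brett's form) or removing the default (Alex's option 3) withdraws the primary and lets the floating static take over.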
On Tue, 23 Dec 2008 14:08:25 +1300, Nathan Ward said:
People are filtering /24s without a 0/0 route?
Hell - people have been known to filter entire /8's and fail to notice the resulting damage. See the bogon filters for 69/8, then 70/8, then...
On Tue, Dec 23, 2008 at 02:08:25PM +1300, Nathan Ward wrote:
On 23/12/2008, at 1:31 PM, Seth Mattinen wrote:
Anyone running a platform that can't take a full table would apply such a filter to weed out anyone who likes to announce all of their space as /24's for "traffic engineering". If one does that and doesn't announce the aggregate as well, one could find themselves facing random black holes.
People are filtering /24s without a 0/0 route?
actually, you should ask the more general question, "Are ISPs filtering when they don't have a 0/0 route?" and i suspect the answer is almost certainly. being default-free has its advantages as does not using some variable RIR metric as a basis for routing policy. --bill
On Mon, 22 Dec 2008, Seth Mattinen wrote:
Anyone running a platform that can't take a full table would apply such a filter to weed out anyone who likes to announce all of their space as /24's for "traffic engineering". If one does that and doesn't announce the aggregate as well, one could find themselves facing random black holes.
There's no "if" about it. Months ago when I and others were looking into this, we found plenty of examples of networks with /19s, /20s, etc. announcing only the /24 deaggregates. If you plan to filter these people and have customers to answer to, you'll need to point default at someone who's not filtering them.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
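The three mechanics argued about in this thread, as an added example (not code from the thread or from any of its participants): a longest-prefix-match lookup over a small constructed table, showing Tomas Byrnes's more-specific hijack and the allocation-to-AS import check that stops it, the black hole Seth and Jon describe when only /24 deaggregates are announced and the receiver filters at the /22 boundary with no default, and the "drop more-specifics that share their cover's next hop" compression Nathan wondered about. Prefixes, AS numbers and next-hop names (10.10.0.0/22, AS64500, peer1, ...) are constructed; the example goes a little beyond the thread in that the origin check is written generically over an allocation-to-AS map, which is what IRR route objects or RPKI ROAs supply in practice. Equal-length competing announcements are not modelled; real BGP settles those by best-path selection.

```python
import ipaddress

Net = ipaddress.IPv4Network


def parse_rib(lines):
    """Parse constructed 'prefix originAS next-hop' lines into (network, origin, next_hop) tuples."""
    rib = []
    for line in lines:
        prefix, origin, next_hop = line.split()
        rib.append((ipaddress.ip_network(prefix), int(origin.lstrip("AS")), next_hop))
    return rib


def lpm(dst, rib):
    """Longest-prefix match: the most specific route covering dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for route in rib:
        if dst in route[0] and (best is None or route[0].prefixlen > best[0].prefixlen):
            best = route
    return best


def accept(route, max_len=24, allocations=None):
    """Import policy. Reject prefixes longer than max_len (/24 is the usual DFZ limit;
    /22 would be an RIR-minimum-allocation filter). When an allocation-to-AS map is
    given, also reject any prefix inside an allocation that is not originated by the
    allocation's holder."""
    prefix, origin, _ = route
    if prefix.prefixlen > max_len:
        return False
    for alloc, holder in (allocations or {}).items():
        if prefix.subnet_of(alloc) and origin != holder:
            return False
    return True


def filtered(rib, **policy):
    return [r for r in rib if accept(r, **policy)]


def compress(rib):
    """Drop every route whose most specific kept cover already points at the same next hop.
    Shorter prefixes are kept first, so the cover found here is exactly what LPM would use
    once the more-specific is gone; forwarding is therefore unchanged."""
    keep = []
    for route in sorted(rib, key=lambda r: r[0].prefixlen):
        cover = lpm(route[0].network_address, keep)
        if cover is None or cover[2] != route[2]:
            keep.append(route)
    return keep


def same_forwarding(rib_a, rib_b, addrs):
    """True if every sample address resolves to the same next hop (or to nothing) in both RIBs."""
    def hop(rib, a):
        r = lpm(a, rib)
        return None if r is None else r[2]
    return all(hop(rib_a, a) == hop(rib_b, a) for a in addrs)


# Constructed sample table: network C (AS64500) holds 10.10.0.0/22 and announces the
# aggregate, a redundant /24 along the same path, and a /24 steered via a second peer.
RIB = parse_rib([
    "10.10.0.0/22 AS64500 peer1",
    "10.10.0.0/24 AS64500 peer1",
    "10.10.2.0/24 AS64500 peer2",
    "10.20.0.0/24 AS64501 peer1",
])
ALLOC = {Net("10.10.0.0/22"): 64500}                      # allocation-to-AS map
HIJACK = parse_rib(["10.10.1.0/24 AS64666 peer3"])[0]    # network B's bogus more-specific
DEFAULT = parse_rib(["0.0.0.0/0 AS64496 upstream"])[0]
DEAGG = parse_rib(["10.10.%d.0/24 AS64500 peer1" % i for i in range(4)])  # C forgot the /22
SAMPLE_ADDRS = [str(a) for a in Net("10.10.0.0/22")] + ["10.20.0.9", "10.30.0.9"]

if __name__ == "__main__":
    print("hijacked via", lpm("10.10.1.7", RIB + [HIJACK])[2])
    print("after origin check via", lpm("10.10.1.7", filtered(RIB + [HIJACK], allocations=ALLOC))[2])
    print("deaggregated, /22 filter, no default:", lpm("10.10.1.7", filtered(DEAGG, max_len=22)))
    print("same with a default via", lpm("10.10.1.7", filtered(DEAGG + [DEFAULT], max_len=22))[2])
    print("compressed to", len(compress(RIB)), "routes, forwarding unchanged:",
          same_forwarding(RIB, compress(RIB), SAMPLE_ADDRS))
```

The compression is a FIB-install optimisation only: the dropped more-specifics still have to live in the RIB, and the decision must be recomputed whenever the covering route's next hop changes, otherwise the more-specific silently inherits the wrong path.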
In case anyone cares... From my router's perspective:

  Prefix   Routes
  /1            0
  /2            0
  /3            0
  /4            0
  /5            0
  /6            0
  /7            0
  /8           20
  /9            9
  /10          20
  /11          53
  /12         159
  /13         310
  /14         560
  /15       1,096
  /16      10,235
  /17       4,461
  /18       7,593
  /19      16,284
  /20      19,075
  /21      18,598
  /22      23,941
  /23      24,615
  /24     144,832
  /25           1
  /26           1
  /27           1
  /28           3
  /29           1
  /30       1,234
  /31          13
  /32          23
  Total   273,138

No, I wasn't bored enough to count them by hand. JUNOS has a "count" feature. :)

Scott

-----Original Message-----
From: Jon Lewis [mailto:jlewis@lewis.org]
Sent: Monday, December 22, 2008 8:12 PM
To: Seth Mattinen
Cc: NANOG list
Subject: Re: What is the most standard subnet length on internet

On Mon, 22 Dec 2008, Seth Mattinen wrote:
Anyone running a platform that can't take a full table would apply such a filter to weed out anyone who likes to announce all of their space as /24's for "traffic engineering". If one does that and doesn't announce the aggregate as well, one could find themselves facing random black holes.
There's no "if" about it. Months ago when I and others were looking into this, we found plenty of examples of networks with /19s, /20s, etc. announcing only the /24 deaggregates. If you plan to filter these people and have customers to answer to, you'll need to point default at someone who's not filtering them.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Basically, /24s are the longest prefix size accepted by providers unless you are dealing with RTBH (triggered blackholing services). Another requirement to ensure acceptance of an IP block, especially for smaller assignments, is equivalent route objects matching it (in most cases your provider will do it on your behalf).

/Kana
On Tue, 21 Jul 2009 14:55:24 +0800 Kanagaraj <kanagaraj@globaltransit.net> wrote:
Basically, /24s are the longest prefix size accepted by providers unless you are dealing with RTBH (triggered blackholing services). Another requirement to ensure acceptance of an IP block, especially for smaller assignments, is equivalent route objects matching it (in most cases your provider will do it on your behalf).
Randy Bush et al. have something interesting to say that challenges this conventional wisdom, or at least clarifies it. See here for some detail:

<http://www.psg.com/~olaf/measurements/as3130/publications.html>

In part they show that the use of default routing might be much more pervasive than people realize, based on data plane measurements they take (as opposed to control plane measurements). They observe that while a /25 does not have the same reachability as a larger prefix, it might still be reachable by a surprising number of ASes.

John
participants (16)
- Alex H. Ryu
- bmanning@vacation.karoshi.com
- Brett Frankenberger
- Church, Charles
- Grzegorz Janoszka
- Joe Provo
- John Kristoff
- Jon Lewis
- Kanagaraj
- Nathan Ward
- Scott Morris
- Seth Mattinen
- Skywing
- Tomas L. Byrnes
- Valdis.Kletnieks@vt.edu
- 정치영