Let's add a little spice to you list...run it up the flag pole etc... but please let's deal with this professionally with out to much flame! My goal is to ensure the network meets the business objective of our company, not simply to debug traffic etc. In order to do this I need redundant connections to multiple ISP's, and a method for delivering delay sensitive traffic in the most efficient way possible. The above implies BGP. I've applied to ARIN for a number block large enough to ensure routablility, and have been rejected. This leaves me with three alternatives, please correct me if you see any another alternatives. First, we can attempt to buy address space which may or may not be transferable, or more likely we acquire a small company, and/or it's assets, one of which just happens to be a large chuck of address space. Second, I can do the time proven technique of lying about how many hosts I have or how many I plan to have, this I find uncomfortable as I think it is dishonest! I'd bet at least one of the readers of this list has exaggerated about how may hosts they have in their network, or how many they planed to have on a template, so don't be to quick to grab for the high moral ground!! Finally, I can appeal ARIN's decision, which I have already requested from IANA, and was told to request an appeal from hostmaster@ARIN.net. I'm still waiting to here something. On appeal I plan to quote RFC2050 which according to the ARIN web site is what they use make allocation descions. Basically I think ARIN procedures only take into account network size, and nothing else. I don't think RFC2050 language is that strict. Please see item '3b' below: "In order for the Internet to scale using existing technologies, use of regional registry services should be limited to the assignment of IP addresses for organizations meeting one or more of the following conditions: a) the organization has no intention of connecting to the Internet-either now or in the future-but it still requires a globally unique IP address. The organization should consider using reserved addresses from 1918. If it is determined this is not possible, they can be issued unique (if not Internet routable) IP addresses. b) the organization is multi-homed with no favored connection. c) the organization's actual requirement for IP space is very large, for example, the network prefix required to cover the request is of length /18 or shorter. All other requesters should contact its ISP for address space or utilize the addresses reserved for non-connected networks described in 1918 until an Internet connection is established. Note that addresses issued directly from the IRs,(non-provider based), are the least likely to be routable across the Internet. " Also, from 3.1 "utilization is a key factor" implying it's not the only factor. " 3.1 Common Registry Requirements Because the number of available IP addresses on the Internet is limited, the utilization rate of address space will be a key factor in network number assignment. " Basically our normal output traffic is about 45mb/s with a peak as high as 67.6Mb/s during Clinton's shinangians, we've been listed as the 16th busiest web site in the world, and I think that ought to count toward getting a routable address space!!! I also wonder if there aren't free speech issues involved if US entities start dropping traffic based on non technical factors? I welcome any suggestions you may have as to how I can archive my goal of obtaining an address block big enough to implement BGP succesfully. Thank You Mark Vickers RealNetworks, Inc. " In order for the Internet to scale using existing technologies, use of regional registry services should be limited to the assignment of IP addresses for organizations meeting one or more of the following conditions: a) the organization has no intention of connecting to the Internet-either now or in the future-but it still requires a globally unique IP address. The organization should consider using reserved addresses from 1918. If it is determined this is not possible, they can be issued unique (if not Internet routable) IP addresses. b) the organization is multi-homed with no favored connection. c) the organization's actual requirement for IP space is very large, for example, the network prefix required to cover the request is of length /18 or shorter.
[Warning: Long post. Get another cup of coffee before reading. To save time for those of you looking for the short answer: "Mark - start peering with your upstreams with a small announcement of /23 or /24, and you'll be fine - there's no need for you to get a block from ARIN for your requirements."] At 11:14 AM 9/28/98 -0700, Mark Vickers wrote:
Let's add a little spice to you list...run it up the flag pole etc... but please let's deal with this professionally with out to much flame!
My goal is to ensure the network meets the business objective of our company, not simply to debug traffic etc. In order to do this I need redundant connections to multiple ISP's, and a method for delivering delay sensitive traffic in the most efficient way possible. The above implies BGP.
Correct so far.
I've applied to ARIN for a number block large enough to ensure routablility, and have been rejected. This leaves me with three alternatives, please correct me if you see any another alternatives. First, we can attempt to buy address space which may or may not be transferable, or more likely we acquire a small company, and/or it's assets, one of which just happens to be a large chuck of address space. Second, I can do the time proven technique of lying about how many hosts I have or how many I plan to have, this I find uncomfortable as I think it is dishonest! I'd bet at least one of the readers of this list has exaggerated about how may hosts they have in their network, or how many they planed to have on a template, so don't be to quick to grab for the high moral ground!! Finally, I can appeal ARIN's decision, which I have already requested from IANA, and was told to request an appeal from hostmaster@ARIN.net. I'm still waiting to here something.
Your implied assertion that you need a set of address space that is larger than a /24 (or /23, or even /22) to "ensure routability" is not valid _enough_. Currently, only Sprint, AGIS, and a handful of others are filtering >/19 routes (in certain /8 ranges) at their borders, unless the number of aggressively filtering NSPs has changed significantly since it was last brought up on this list some months ago. If your "primary" upstream from whom you've received a /24 is advertising your /24 in a larger aggregate, and you also are advertising your /24 through at least one other NSP that is not Sprint (the other possibly being Sprint or some other NSP) then you have two valid inbound paths with acceptable redundancy. You could also ask your primary upstream to "de-CIDRize" their own announcement and double-announce the /24 with your AS tag and also the larger aggregate with only their own AS path, but that's how you get into The CIDR Report more often. :) Anyway, you're indicating that a significant portion of your customers are single-homed with Sprint or AGIS (or some other route-limiting NSP) who can't hear or won't choose the more specific /24 over the larger aggregate announcement. I think the number of sites that have this particular situation is very small and does not justify such an enormous waste of address space to circumvent the filters on these particular providers. Small address advertisements (>/19) are sufficient to provide acceptable redundancy in a multi-homed environment. In any case, your intended use of a larger aggregate completely invalidates the reasons that (from what I understand) Sprint and AGIS block those routes: overfull and unstable routing tables. You're creating the same end result with the same number of announcements, and using up valuable IPv4 space as a side effect. Double plus ungood. You should opt for the "least worst" scenario, and simply advertise a /24 through multiple upstreams out of your primary's larger aggregate. Furthermore enforcing "acceptable redundancy", regardless of Sprint/AGIS filters: Most regionals are multi-homed through at least two NSPs, at least one of which will not be Sprint or AGIS. This means that the packets find their way to you even if your connection to your "primary" drops (and therefore all traffic from Sprint to your network in the aggregate starts to blackhole at your primary's IGP-BGP border.) Therefore, Sprint/AGIS can't get to you, but the overwhelming majority of the Internet still can get to you through a more specific path, even if many of those people have some of their connectivity provisioned by Sprint/AGIS. I will certainly not say that you won't have some number of customers that can't get to your service. If you're that concerned about them, pull in T1s from both Sprint and AGIS - they'll announce routes from customers that they won't accept (at least, Sprint seems to - can't say about AGIS) and I expect the bandwidth costs for those "Sprint/AGIS only" links will not be unfairly priced compared with what you'd have to pay for transit to Sprint/AGIS across someone else's backbone, anyway. Essentially, I disagree that the premise for your address requirements of any size to ARIN is valid based on the information that you have revealed thus far. If you have 5,000 hosts that all must see the Internet and are running web servers, then it's a different story. But if you're just a few dozen (or even hundred) servers, a /24 or /23 should be sufficient for an acceptable delivery-of-service level.
On appeal I plan to quote RFC2050 which according to the ARIN web site is what they use make allocation descions. Basically I think ARIN procedures only take into account network size, and nothing else. I don't think RFC2050 language is that strict.
Please see item '3b' below: "In order for the Internet to scale using existing technologies, use of regional registry services should be limited to the assignment of IP addresses for organizations meeting one or more of the following conditions:
a) the organization has no intention of connecting to the Internet-either now or in the future-but it still requires a globally unique IP address. The organization should consider using reserved addresses from 1918. If it is determined this is not possible, they can be issued unique (if not Internet routable) IP addresses.
b) the organization is multi-homed with no favored connection.
c) the organization's actual requirement for IP space is very large, for example, the network prefix required to cover the request is of length /18 or shorter.
All other requesters should contact its ISP for address space or utilize the addresses reserved for non-connected networks described in 1918 until an Internet connection is established. Note that addresses issued directly from the IRs,(non-provider based), are the least likely to be routable across the Internet. "
You may be right, since option "b" is pretty clear. And I might even agree with you that ARIN should allocate you addresses (small addresses, though) using this as the only criteria. But it's not the only criteria used. RFC 2050 is a "guideline" as expressed in http://www.arin.net/ip-allocation.html , but other CIDR-based RFCs are listed as resources, and the document even goes so far as to say: "These potential policies may include such steps as setting limits on the size of Classless Inter-Domain Routing (CIDR) prefixes added to the routing tables or filtering of non-aggregated routes." I'm just reading the text; it's fairly clear that ARIN can be ambiguous about their allocation sizes. That may be unfair, or may play favorites, or what-have-you, but that's not the issue we're debating and should be taken to another thread (threat? thread? ;) which can heartily fill my /dev/null procmail ruleset.
Also, from 3.1 "utilization is a key factor" implying it's not the only factor.
" 3.1 Common Registry Requirements
Because the number of available IP addresses on the Internet is limited, the utilization rate of address space will be a key factor in network number assignment. "
Basically our normal output traffic is about 45mb/s with a peak as high as 67.6Mb/s during Clinton's shinangians, we've been listed as the 16th busiest web site in the world, and I think that ought to count toward getting a routable address space!!!
Hardly. According to nitrous.digex.net - Looking Glass: ad.DoubleClick.com is on a /23. www.ABCNews.com is in a /20. www.weather.com is on a /24. These sites are working just fine in >/19 networks, and I'm sure they push just as much data as you, and are no less "important" as you, unless you care to tell us how your bits per second output should influence policy that effects everyone. So are you a proponent of "largest bit _output_ wins"? If so, please see the settlement argument of a few weeks ago on this list for some excellent discussion. Shouldn't you be giving IP addresses to ME? ;)
I also wonder if there aren't free speech issues involved if US entities start dropping traffic based on non technical factors?
I don't see how this is relevant, and in any case, no.
I welcome any suggestions you may have as to how I can archive my goal of obtaining an address block big enough to implement BGP succesfully.
See my initial invalidation of your address size requirement above. I think you'll be happy with a properly advertised block from within an aggregate. JT
Thank You
Mark Vickers RealNetworks, Inc.
On Mon, Sep 28, 1998 at 04:21:27PM -0400, John Todd wrote:
[Warning: Long post. Get another cup of coffee before reading. To save time for those of you looking for the short answer: "Mark - start peering with your upstreams with a small announcement of /23 or /24, and you'll be fine - there's
There was a presentation at NANOG recently which detailed the use of NAT for multihoming. You may be generating too much traffic to use NAT. It might also be worthwhile to have redundant connections to the same transit provider. There are still a few providers around with free C space. You might consider trying that approach. As mentioned, a /16 is a fairly large amount of space to be wasting.
If your "primary" upstream from whom you've received a /24 is advertising your /24 in a larger aggregate, and you also are advertising your /24 through at least one other NSP that is not Sprint (the other possibly being Sprint or some other NSP) then you have two valid inbound paths with acceptable redundancy. You could also ask your primary upstream to "de-CIDRize" their own
If your primary upstream connection goes away you are then blackholed with respect to sprint, etc. as well as all of sprint's singly homed customers, of which there are many.
reasons that (from what I understand) Sprint and AGIS block those routes: overfull and unstable routing tables. You're creating the same end result with the same number of announcements, and using up valuable IPv4 space as a side effect. Double plus ungood. I think only single plus ungood in this case, for the wasted space.
I will certainly not say that you won't have some number of customers that can't get to your service. If you're that concerned about them, pull in T1s from both Sprint and AGIS - they'll announce routes from customers that they won't accept (at least, Sprint seems to - can't say
What about the 'handful of others'? This is ludicrous.
Essentially, I disagree that the premise for your address requirements of any size to ARIN is valid based on the information that you have revealed thus far. If you have 5,000 hosts that all must see the Internet and are running web servers, then it's a different story. But if you're just a few dozen (or even hundred) servers, a /24 or /23 should be sufficient for an acceptable delivery-of-service level.
Yes, I disagree with the address requirements as well. I don't think it's unreasonable for a large generator of traffic to want routable space. Perhaps there should, as mentioned, be additional guidelines from which the registries make a decision? How about a small area of space dedicated to those who have a real reason to have a /24-/20 size block? If the reason for filtering small block of space is to keep small companies not generating a lot of traffic from polluting routing space I don't think this applies. Austin
Austin,
If the reason for filtering small block of space is to keep small companies not generating a lot of traffic from polluting routing space I don't think this applies.
Ouch. Traffic generation has absolutely no relation to prefix length filtering. The reason the filters are in place is because there are very few tools available to limit the growth of routing tables and filtering based on prefix length is a simple to implement unilateral mechanism that (theoretically) encourages people to think about their actions prior to flooding the routing system with long prefixes. If any of this is new to you (as it would appear to be), I'd strongly recommend reviewing the old CIDRD archives (wherever they might be). Regards, -drc
On Mon, Sep 28, 1998 at 05:11:42PM -0700, David R. Conrad wrote:
Austin,
If the reason for filtering small block of space is to keep small companies not generating a lot of traffic from polluting routing space I don't think this applies.
Ouch.
Traffic generation has absolutely no relation to prefix length filtering.
Yes, but the question is should it? If a content provider generates a monstrous amount of traffic should they be forced to buy transit just because the traffic is generated by a small number of hosts?
The reason the filters are in place is because there are very few tools available to limit the growth of routing tables and filtering based on prefix length is a simple to implement unilateral mechanism that (theoretically) encourages people to think about their actions prior to flooding the routing system with long prefixes.
Ok, but in this situation 'think about' = 'forbid'. In the vast majority of conditions it may make more sense for the organization to be dual homed with respect to a single NSP. On the other hand perhaps the current system encourages waste of address space by forcing organizations to claim at least a /21 of space if they wish to be given routable space by ARIN. What _should_ make space routable? Just network size? What about situations where a medium size dialup ISP wants to be multihomed? Perhaps they could theoretically use NAT to handle their dialup rather than have a pool of ip addresses but are encouraged not to because they don't want to jeapordize their eligibility for routable space. The same example could be used for web hosting companies who give each virtual server an ip address. How about some of the many universities with a gargantuan amount of space used mostly for dorm rooms? Couldn't they use NAT and free up space? Would they want to given a smaller amount of space may not be routable? It just seems like it is more reasonable to give a company like realaudio with a legitimate traffic generating resource the ability to multihome than penalize them for not wasting space. I'm not advocating a return to the bad old days where everyone and their brother gets a class C, rather suggesting that the current system of preventing a route explosion may have unwanted side effects.
I'd strongly recommend reviewing the old CIDRD archives (wherever they might be).
I'll look for them. Austin
In message <19980929040656.41082@shrubbery.net>, Austin Schutz writes:
On Mon, Sep 28, 1998 at 05:11:42PM -0700, David R. Conrad wrote:
Austin,
If the reason for filtering small block of space is to keep small companies not generating a lot of traffic from polluting routing space I don't think this applies.
Ouch.
Traffic generation has absolutely no relation to prefix length filtering.
Yes, but the question is should it? If a content provider generates a monstrous amount of traffic should they be forced to buy transit just because the traffic is generated by a small number of hosts?
No one is forcing you to buy transit. You are free to cut deals with anyone you want. I'm sure if you paid the right people the right amount of money, they would be happy to listen to a /32. You can't expect everyone else to give you for free, resources in their routers. If you pay a providerthey will be happy to anounce a /24 for you. If you pay the other people whose resources you are using, maybe they will listen? (Hint, Sprint will listen to a /24 from a customer, most other providers will also.)
The reason the filters are in place is because there are very few tools available to limit the growth of routing tables and filtering based on prefix length is a simple to implement unilateral mechanism that (theoretically) encourages people to think about their actions prior to flooding the routing system with long prefixes.
Ok, but in this situation 'think about' = 'forbid'. In the vast majority of conditions it may make more sense for the organization to be dual homed with respect to a single NSP. On the other hand perhaps the current system encourages waste of address space by forcing organizations to claim at least a /21 of space if they wish to be given routable space by ARIN.
What _should_ make space routable? Just network size? What about situations where a medium size dialup ISP wants to be multihomed? Perhaps they could theoretically use NAT to handle their dialup rather than have a pool of ip addresses but are encouraged not to because they don't want to jeapordize their eligibility for routable space. The same example could be used for web hosting companies who give each virtual server an ip address. Just because they are using NAT doesn't mean they can't justify usage. If they are at T-1 level or dual T-1 level, there are plenty of solutions
So its good enough for everyone else but not for you? This seems a bit thin. People that multi-home often do it for having more paths, single homed to a single NSP does not always increase reliablity to do some of the failure modes being the same. ARIN has already relaxed the /19 require to a /21, this is pretty significant, I think. There are proposals to relax it more. It has been stated by people here, and elsewhere, that as long as route table growth is maintained at a reasonable rate, prefix length filters might someday go away. I suspect of ARIN recommended to ISPs to relax the filter length, they would look seriously at doing so. that work. The reocmmendation by the ARIN Advidsory Council that WWW hosting companies not use multiple IPs when it becomes technologicly reasonable to do so, has already been made.
How about some of the many universities with a gargantuan amount of space used mostly for dorm rooms? Couldn't they use NAT and free up space? Would they want to given a smaller amount of space may not be routable? I'm not sure ARIN should or could force universities to renumber. A good number of those use DS3s which makes the NAT solution a non-starter anyway.
It just seems like it is more reasonable to give a company like realaudio with a legitimate traffic generating resource the ability to multihome than penalize them for not wasting space.
You can get space from your upstream provider and announce it. If your provider is especically nice they can even give you de-aggregated space so you can inbound load balance, (if you are just generating traffic, this is moot, because outbound load balancing is not dependent on the prefixes announced out.) I don't see why you can do this.
I'm not advocating a return to the bad old days where everyone and their brother gets a class C, rather suggesting that the current system of preventing a route explosion may have unwanted side effects.
We are quite aware of the side effects, but who should carry the cost of the increased resources used? What obivous metric should be used to choose who lives and who dies? (Hint: if the solution was easy, we would have already done it.)
I'd strongly recommend reviewing the old CIDRD archives (wherever they might be).
I'll look for them. Austin
We've been round and round before on this, in Nanog also. --- Jeremy Porter, Freeside Communications, Inc. jerry@fc.net PO BOX 80315 Austin, Tx 78708 | 512-458-9810 http://www.fc.net
On Mon, 28 Sep 1998, John Todd wrote:
I think the number of sites that have this particular situation is very small and does not justify such an enormous waste of address space to circumvent the filters on these particular providers. Small address advertisements (>/19) are sufficient to provide acceptable redundancy in a multi-homed environment.
If the registries would start allocating address space that has been recovered from the swamp to this sort of company, then the problem would be solved. If a company needs multihoming capability but will never use more than a /23 then what is wrong with reusing swamp space? -- Michael Dillon - E-mail: michael@memra.com Check the website for my Internet World articles - http://www.memra.com
If the registries would start allocating address space that has been recovered from the swamp to this sort of company, then the problem would be solved. If a company needs multihoming capability but will never use more than a /23 then what is wrong with reusing swamp space?
-- Michael Dillon - E-mail: michael@memra.com
What swamp? There is active space and dormant space. Registries are generally provisioning out of active space (by definition) and the dormant space is delegated space that is not being provisioned from -at this time-. Current dormant space does have some interstital gaps of undelegated space. This is true -all- the way down the delegation heirarchy. (retorical question; have you used 100% of your cidr block?) There are efforts to develop a process to identify and reclaim prefixes that are inactive and are expected to remain so regardless of the active or dormant state of the block. --bill
On Mon, Sep 28, 1998 at 11:14:31AM -0700, Mark Vickers wrote:
Let's add a little spice to you list...run it up the flag pole etc... but please let's deal with this professionally with out to much flame!
My goal is to ensure the network meets the business objective of our company, not simply to debug traffic etc. In order to do this I need redundant connections to multiple ISP's, and a method for delivering delay sensitive traffic in the most efficient way possible. The above implies BGP.
You don't need a Class B. Period. I'm sorry, I don't agree with your reasoning. If you need a large block, why don't you consider getting a /19, which I think is the smallest block most providers will advertise? I doubt you even need that much address space, and I don't think your usage justifies even a /19. Let the people who need the space, have the space.
template, so don't be to quick to grab for the high moral ground!! Finally, I can appeal ARIN's decision, which I have already requested from IANA, and was told to request an appeal from hostmaster@ARIN.net. I'm still waiting to here something.
What's the difference betweeen you, and your customers, many of whom are big sites that need to route streaming audio and video on a time-critical basis? They aren't going out and trying to get /16's, Mark. You want to do what you're doing just so you can measure traffic. That's ridiculous.
I also wonder if there aren't free speech issues involved if US entities start dropping traffic based on non technical factors?
Red herring. I don't think your technical situation merits a /16. -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.
participants (8)
-
Austin Schutz
-
bmanning@vacation.karoshi.com
-
David R. Conrad
-
Jeremy Porter
-
John Todd
-
Mark Vickers
-
Michael Dillon
-
Steven J. Sobol