We were just allocated a /17 out of 69/8. With all off the recent traffic on 69/8 reachability problems, I asked ARIN if the allocation could come from a different block. Their answer was basically that 69/8 (only) is where they are allocating from and that "from reading NANOG, it appears that much of the problem has been resolved." I haven't seen any updated information that 69/8 is now working for people. Is everyone just quiet about it, or have filters actually been updated making this a non-issue? Thanks, Rick
On Wed, Mar 19, 2003 at 09:42:46AM -0800, Rick Ernst wrote:
We were just allocated a /17 out of 69/8. With all off the recent traffic on 69/8 reachability problems, I asked ARIN if the allocation could come from a different block.
Their answer was basically that 69/8 (only) is where they are allocating from and that "from reading NANOG, it appears that much of the problem has been resolved."
I haven't seen any updated information that 69/8 is now working for people. Is everyone just quiet about it, or have filters actually been updated making this a non-issue?
i'm in the midst of writting a brief article about 69/8 reachability that i inted to post on /. and as a result hopefully it will become a more publically visible issue as places like news.google pick up /. articles. If you have a server that is in 69/8 that you want referenced by it, perhaps a test machine saying "your network appears to be working ok" that you want listed let me know. I also am going to allow people to submit urls for a "wall of shame" that still show 69/8 (amongst others) as something to block. obviously we won't accept messages to mailing lists that are older but anyones current "use these filters to help secure your network" pages should get listed. I encourage people who find networks that are blocking 69/8 that you get them to fix to ask them if they continue to use such filtering to subscribe to Rob's bogon-announce list that is hosted on my machine. http://puck.nether.net/mailman/listinfo/bogon-announce - jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
On Wed, 19 Mar 2003, Rick Ernst wrote:
Their answer was basically that 69/8 (only) is where they are allocating from and that "from reading NANOG, it appears that much of the problem has been resolved."
I wonder what they based that ASSumption on? The thread just sort of died...and now you've revived it.
I haven't seen any updated information that 69/8 is now working for people. Is everyone just quiet about it, or have filters actually been updated making this a non-issue?
I've been busy with other things, so I haven't been able to spend as much time on my 69/8 reachability project as I did the first few days. I still have a list of about 700 destinations reachable from 209.208/17 but not from 69/8. That's down from about 1000 when I did the first ping sweep. I know I've personally gotten half a dozen or so networks to update their filtering. I've also had several messages apparently go ignored (1 week with no response and no filter update), two of which are US military /16's. A bunch of the remaining affected networks are in other countries where I'm afraid language is going to be a barrier. This issue will likely never be entirely resolved. Just hope your customers don't care about reaching the remaining affected networks. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
I've definitely noticed the steady decline in complaints in reachability. I think though at some point it will be resolved, after all all the other blocks got squared away it seems, or is that an incorrect assumption? ----- Original Message ----- From: <jlewis@lewis.org> To: "Rick Ernst" <erond@legendz.com> Cc: <nanog@merit.edu> Sent: Wednesday, March 19, 2003 10:26 AM Subject: Re: 69/8 revisited
On Wed, 19 Mar 2003, Rick Ernst wrote:
Their answer was basically that 69/8 (only) is where they are allocating
and that "from reading NANOG, it appears that much of the problem has been resolved."
I wonder what they based that ASSumption on?
The thread just sort of died...and now you've revived it.
I haven't seen any updated information that 69/8 is now working for
from people.
Is everyone just quiet about it, or have filters actually been updated making this a non-issue?
I've been busy with other things, so I haven't been able to spend as much time on my 69/8 reachability project as I did the first few days. I still have a list of about 700 destinations reachable from 209.208/17 but not from 69/8. That's down from about 1000 when I did the first ping sweep. I know I've personally gotten half a dozen or so networks to update their filtering. I've also had several messages apparently go ignored (1 week with no response and no filter update), two of which are US military /16's.
A bunch of the remaining affected networks are in other countries where I'm afraid language is going to be a barrier. This issue will likely never be entirely resolved. Just hope your customers don't care about reaching the remaining affected networks.
---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Wed, 19 Mar 2003, Scott Granados wrote:
I've definitely noticed the steady decline in complaints in reachability. I think though at some point it will be resolved, after all all the other blocks got squared away it seems, or is that an incorrect assumption?
I'd bet they're not all resolved...just mostly to the point that nobody cares. Does anyone have a traceroute web page from another (not 69/8) block that recently went from reserved to RIR allocated? I'd be interesting to see how many of the 69/8 unreachable IPs are unreachable from other reserved->RIR allocated blocks. By the end of the week, I expect to have a system setup (big system with lots of available bandwidth) where people can do simultaneous traceroutes from 69 and !69 IPs and see the results side by side. I've got this now on my workstation and have included a link to it in most of the filter update request messages I've sent, but I don't want all of nanog (much less /.) hitting my workstation. I also plan to put the reachability database on that system and make the unreachable IPs viewable. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Thus spake <jlewis@lewis.org>
On Wed, 19 Mar 2003, Scott Granados wrote: I'd bet they're not all resolved...just mostly to the point that nobody cares. Does anyone have a traceroute web page from another (not 69/8) block that recently went from reserved to RIR allocated? I'd be interesting to see how many of the 69/8 unreachable IPs are unreachable from other reserved->RIR allocated blocks.
I'm wondering if there's something special about 69/8... I can't recall this sort of discussion for 61/8 through 68/8, at least after CIDR in the former Class A space was initially validated. S Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
On Wed, 19 Mar 2003, Stephen Sprunk wrote:
I'm wondering if there's something special about 69/8... I can't recall this sort of discussion for 61/8 through 68/8, at least after CIDR in the former Class A space was initially validated.
For a very interesting comparison, do groups.google.com searches for 69.0.0.0/8 and then for 61.0.0.0/8. While the first is several pages of hits saying to block 69.0.0.0/8 as a bogon, all the links for 61.0.0.0/8 seem to suggest blocking that /8 due to spam. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
participants (5)
-
Jared Mauch -
jlewis@lewis.org -
Rick Ernst -
Scott Granados -
Stephen Sprunk