Re: not rewriting next-hop, pointing default, ...
This is yet another problem/opportunity, in that providers want/need to implement policies (such as no default, or only accept traffic from the following ASs, or only accept traffic for the following ASs, or consistent announcement) that are difficult to enforce and/or automatically measure/detect with today's technology. Router/switch vendors and potential interconnect providers take note!

-scott

Randy Bush <randy@psg.com> wrote
a senior engineer at a well-known provider just pointed out to us that a weenie provider at mae-east was
  o not rewriting next-hop
  o sending our routes to others
  o sending others' routes to us
  o likely pointing default at us
their noc phone was answered by a modem. we suspended peering with them and wrote to their noc. we got back a snotty message. we have ceased peering with them.
we installed packet filters. our traffic on the east fddi dropped noticeably.
when the larger providers decline to peer with the smaller, there is a sad reason. traceroute -g is your friend.
randy
DEC's PAIX agreement specifies "...and provider agrees not to point default at any other PAIX member" or some such. This means stealing unitransit in Palo Alto is a terminable offense. Other interconnects ought to do the same.

I note this because a CIX member at PAIX asked to have port filtering installed on their GIGAswitch port just because they were afraid of people pointing default at them. That meant that some other CIX members who were using the CIX router as a sort of poor man's route server had to set up direct peering. Probably direct peering is better for network stability in any case (recalling the MAE-W route server failure last year that took a week to fix) but the fact of the worry bothered me. There is no cause for such worry. Nobody is going to point default at you by accident; if they did it, they did it on purpose, and they don't belong at the exchange point at all.
participants (2)
- Paul A Vixie
- Scott Huddle