I've gotten attractive pricing from Genuity but I haven't used them in a couple years. Is there any reason I wouldn't want to use them as a third upstream OC3 provider?
Thanks.
- mz
-- matthew zeier - "In mathematics you don't understand things. You just get used to them." - John von Newmann
My company has been utilizing multiple DS3 facilities from Genuity for several years with few complaints. Until recently we had almost 100% uptime (minus the outage following the WTC attack) and their NOC/Engineering staff are top notch and very responsive. I would feel comfortable using them as a secondary provider, and wouldn't hesitate for a moment to recommend them as a tertiary transit provider.
Regards, Anthony
matthew@velvet.org wrote:
I've gotten attractive pricing from Genuity but I haven't used them in a couple years. Is there any reason I wouldn't want to use them as a third upstream OC3 provider?
Thanks.
- mz
-- matthew zeier - "In mathematics you don't understand things. You just get used to them." - John von Newmann
On Thu, 11 Apr 2002, matthew zeier wrote:
I've gotten attractive pricing from Genuity but I haven't used them in a couple years. Is there any reason I wouldn't want to use them as a third upstream OC3 provider?
I love Genuity's latest set of commercials. Who doesn't have a "legacy" in their network? Much better than Black Rocket (anything would have been better). For Internet stuff they are very good. Genuity is a bi-coastal provider, lots of business on the east and west coast, only a little in the middle of the country. They don't have as high a brand recognition as some other providers, and they don't have a multi-product (long-distance, cell phones, etc) sales force. Genuity is one of a few providers I would recommend as a primary ISP. As a tertiary provider, they might be a bit pricey in comparison to some of the other bit-mover providers. But when you need NOC support, they are top-notch.
I've gotten attractive pricing from Genuity but I haven't used them in a couple years. Is there any reason I wouldn't want to use them as a third upstream OC3 provider?
I think they are outstanding. After using a bunch-o'nsps from 1994 to 1998, including 5 at a time, we picked Genuity when we went to the DS3 level because they consistently had the best cross-country RTT, the fewest issues, the best trouble ticket system, and friendly and capable people who interact well with us both by phone and email. Still no complaints after all this time. I was concerned when the BBN->GTEI->Genuity (+ nap.net?) transitions happened, but I saw no degradation of operations. I've only had one billing glitch in all this time. Compared to other telco-based NSPs, this is very refreshing (and time saving). -mark
I've gotten attractive pricing from Genuity but I haven't used them in a couple years. Is there any reason I wouldn't want to use them as a third upstream OC3 provider?
Been using them since 1999 when we (AS378) bought transit at AADS via Nap.net->GTEI->BBN->Genuity. Over the course of 3 years we have had only two major problems with them:
- August 1999: multiple install problems, from providing us incorrect passwords, improper in-addr.arpa records for the link, wrong vpi/vci assignment, etc.
- November 2000: we lost ATM connectivity to BBN (Ameritech did an ATM switch upgrade) and the BBN NOC Supervisor was non-cooperative and close to abusive. Escalation worked and we got mugs and BBN T-shirts for all our NOC staff out of it :-)
Since then, not a single complaint. Their NOC today is very good. They also provide secondary for all our NS stuff. Every time there is some serial problem or other DNS problem, they spot it immediately and send us an email to alert us to the problem. Their sales staff is also clueful for a change. For an ISP in the top 10 as per CAIDA, I'd give them an A-.
Hank
Genuity are the best service provider I've ever had to deal with. Little bit expensive but - you get what you pay for, that's for sure.
Regards, Neil.
-- Neil J. McRae neil@COLT.NET
Two bad experiences for me:
1) Their BGP policies are not as good as others. They force you to register each route you want to advertise rather than allowing you to advertise any reasonable route for your prefixes. According to one of their top people, prefix-lists were unreliable new technology. We gave up and canceled the circuit.
2) Trying to quit is a nightmare. We were billed for months beyond our cancellation.
Roy Engehausen
matthew zeier wrote:
I've gotten attractive pricing from Genuity but I haven't used them in a couple years. Is there any reason I wouldn't want to use them as a third upstream OC3 provider?
Thanks.
- mz
-- matthew zeier - "In mathematics you don't understand things. You just get used to them." - John von Newmann
1) Their BGP policies are not as good as others. They force you to register each route you want to advertise rather than allowing you to advertise any reasonable route for your prefixes. According to one of their top people, prefix-lists were unreliable new technology. We gave up and canceled the circuit.
Man I don't know of a provider that doesn't do this - but the fact is this is a good thing.
On Fri, 12 Apr 2002, Roy wrote:
1) Their BGP policies are not as good as others. They force you to register each route you want to advertise rather than allowing you to advertise any reasonable route for your prefixes.
One of our upstreams wanted this so we just ended up sending them every legit network/prefix combo for our main networks (2 * /17). They end up with over 500 entries in their database and at any one time we are only advertising about 20 of them.
-- Simon Lyall. | Newsmaster | Work: simon.lyall@ihug.co.nz
Senior Network/System Admin | Postmaster | Home: simon@darkmere.gen.nz
ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz
In the referenced message, Roy said:
Two bad experiences for me:
1) Their BGP policies are not as good as others. They force you to register each route you want to advertise rather than allowing you to advertise any reasonable route for your prefixes. According to one of their top people, prefix-lists were unreliable new technology. We gave up and canceled the circuit.
How is registering the routes you are going to announce a bad thing?
Registering is not "bad", it's just not beneficial. Given that the routes I want to announce are within my assigned range, why is it a good thing to register them? If the transit provider always adds entries when I ask for them, it seems to be very little benefit..
This is the case of transit so I am a customer paying money for a service. I started this subthread because I felt others would want to know about this. I made the mistake of buying transit service without asking about their BGP policies. I was hoping to help by sharing my experience.
Stephen Griffin wrote:
In the referenced message, Roy said:
Two bad experiences for me:
1) Their BGP policies are not as good as others. They force you to register each route you want to advertise rather than allowing you to advertise any reasonable route for your prefixes. According to one of their top people, prefix-lists were unreliable new technology. We gave up and canceled the circuit.
How is registering the routes you are going to announce a bad thing?
On Fri, Apr 12, 2002 at 04:50:20PM -0700, Roy wrote:
Registering is not "bad", it's just not beneficial. Given that the routes I want to announce are within my assigned range, why is it a good thing to register them? If the transit provider always adds entries when I ask for them, it seems to be very little benefit..
Have you asked them to add entries for prefixes that don't "belong" to you?
Adi
On Fri, 12 Apr 2002, Roy wrote:
Registering is not "bad", it's just not beneficial. Given that the routes I want to announce are within my assigned range, why is it a good thing to register them? If the transit provider always adds entries when I ask for them, it seems to be very little benefit..
The simple reason is some people (or their buggy router) deaggregated multiple Class B's or A's and broke some upstream providers. You can blame whomever you want, but registration gives the user a chance to notice a typo resulted in 65,535 routes before actually announcing all those routes. No, it doesn't stop a malicious router engineering. But it is a nice "defense in depth" or "speed bump" for dumb mistake(tm) prevention.
On Fri, 12 Apr 2002 20:00:37 -0400 (EDT), Sean Donelan wrote:
On Fri, 12 Apr 2002, Roy wrote:
Registering is not "bad", it's just not beneficial. Given that the routes I want to announce are within my assigned range, why is it a good thing to register them? If the transit provider always adds entries when I ask for them, it seems to be very little benefit..
The simple reason is some people (or their buggy router) deaggregated multiple Class B's or A's and broke some upstream providers. You can blame whomever you want, but registration gives the user a chance to notice a typo resulted in 65,535 routes before actually announcing all those routes. No, it doesn't stop a malicious router engineering. But it is a nice "defense in depth" or "speed bump" for dumb mistake(tm) prevention.
There are certainly reasonable and unreasonable cases one can imagine. Someone with a single /20 who wants to be able to advertise /24s or larger from within his block is (probably) a reasonable request. Someone with a /16 who wants to be able to advertise down to /32s within his block is unreasonable, especially if he expects his provider to advertise these routes to its peers/providers.
One common need for advertising small routes within large blocks is dealing with dos attacks. If you have, say, 4 100Mbps circuits, and 1.2.3.4 is being DOSed, you can advertise nothing but 1.2.3.4/32 on one of the circuits and the DOS is now clamped at 100Mbps and everything else will be fine. However, it's hard to work out in advance how not to propagate the route outside the appropriate scope and how to do this without special arrangements for that particular IP while still not allowing every customer you have to advertise /32s for every IP they own.
The moral is, negotiate a reasonable BGP policy before you pay/sign. Make sure what seems reasonable to you also seems reasonable to your (prospective) provider.
DS
On Fri, Apr 12, 2002 at 05:23:04PM -0700, David Schwartz wrote:
One common need for advertising small routes within large blocks is dealing with dos attacks. If you have, say, 4 100Mbps circuits, and 1.2.3.4 is being DOSed, you can advertise nothing but 1.2.3.4/32 on one of the circuits and the DOS is now clamped at 100Mbps and everything else will be fine. However, it's hard to work out in advance how not to propagate the route outside the appropriate scope and how to do this without special arrangements for that particular IP while still not allowing every customer you have to advertise /32s for every IP they own.
Most providers have a community tag structure of some kind, where you can influence things like localpref and where your route is exported to. One of the ones people are finally starting to add is the blackhole community. If a customer sends you a route with a certain community tag, set next-hop to some specific IP which you route to null0 on all routers, and of course set no-export. You could even link this into an automated backscatter analysis system, so that if a customer is under attack from random source IPs and they announce a blackhole route for the IP(s) being attacked, you can have an automated system open a ticket with the attacking interfaces without having to spend XX minutes getting a qualified engineer on the phone.
The moral is, negotiate a reasonable BGP policy before you pay/sign. Make sure what seems reasonable to you also seems reasonable to your (prospective) provider.
I think "most" providers have very ill defined BGP policies. Some providers use routing registries and tell you you're lucky if you get network change done within 24 hours. Some providers make you email them, and have a warm body "engineer" who knows just enough to type in the prefix lists, usually with typos. Some providers can support "/16 le 24" and some can't (and some can but neglected to tell their NOC). And then there is some definition of "big enough" at which most providers get tired of maintaining your filters (and assume you have enough clue to not mess up), and just remove them. Most make no guarantees of when they'll get around to taking care of filter changes, and if that's a problem well that's your fault because you should have planned your network changes better.
If you have time on your hands and want to see the full range of policies in action from all the different transit providers, try becoming an InterNAP customer. :)
Let's face it, most providers don't want their customers running BGP at all. It's more work for them, and more chances for you to break something. In fact in all statistical likelihood you probably read about it in a book and thought it was cool, and are in no way qualified to be using it anyways. :) When was the last time you saw a good document on how to set up routing registry stuff being distributed from an ISP to its customers, that didn't contain "go read these RFCs and don't bother us"?
Personally I find it distasteful that in order to be a "good net-citizen" every ISP needs to have a bunch of warm bodies or a perl monkey writing scripts to muck with router configs, just to keep a "dynamic" routing protocol from being "too dynamic". But I guess life isn't perfect. :)
-- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
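The blackhole-community handling described in the message above, modelled as a provider-side import policy. This is an added example, not code from the thread or from any provider; the community value 64500:666, the discard next hop 192.0.2.1, the /24 limit for untagged routes and all addresses are constructed placeholders.

```python
import ipaddress

BLACKHOLE = "64500:666"     # hypothetical provider-defined blackhole community
NO_EXPORT = "65535:65281"   # well-known NO_EXPORT community
DISCARD_NH = "192.0.2.1"    # assumed next hop that every router routes to null0
MAX_LEN = 24                # assumed normal IPv4 limit for untagged more-specifics


def import_route(prefix, communities, next_hop, customer_blocks):
    """Provider import policy for one customer route; returns a dict or None."""
    net = ipaddress.ip_network(prefix)
    blocks = [ipaddress.ip_network(b) for b in customer_blocks]
    if not any(net.version == b.version and net.subnet_of(b) for b in blocks):
        return None     # outside the customer's space: never forwarded or blackholed
    tags = set(communities)
    if BLACKHOLE in tags:
        # Tagged route: any length down to a host route, dropped at the edge,
        # and kept inside the provider's AS by adding NO_EXPORT.
        return {"prefix": str(net), "next_hop": DISCARD_NH,
                "communities": sorted(tags | {NO_EXPORT})}
    if net.prefixlen > MAX_LEN:
        return None     # untagged /25../32 stays filtered
    return {"prefix": str(net), "next_hop": next_hop, "communities": sorted(tags)}


def exportable(route):
    """False for routes that must not leave the provider's AS."""
    return route is not None and NO_EXPORT not in route["communities"]


def demo():
    """Constructed announcements from one customer that holds 198.51.100.0/24."""
    blocks = ["198.51.100.0/24"]
    peer = "203.0.113.2"    # constructed customer router address
    cases = {
        "aggregate": ("198.51.100.0/24", []),
        "untagged_host": ("198.51.100.7/32", []),
        "tagged_host": ("198.51.100.7/32", [BLACKHOLE]),
        "foreign_tagged": ("192.0.2.9/32", [BLACKHOLE]),
    }
    return {name: import_route(p, c, peer, blocks) for name, (p, c) in cases.items()}


if __name__ == "__main__":
    for name, route in demo().items():
        print(name, route, "exportable" if exportable(route) else "not exported")
```

The tagged /32 is accepted only because it falls inside the customer's own block, which is what keeps the mechanism from being usable against someone else's address.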
On the leaking more specific routes topic (ip prefix lists): I've verified that Above.Net lets me do this and Genuity does not. But Genuity has said, today, that they are working on doing it.
To address Sean's point about mistakes turning one /16 into a zillion entries, is there any way to allow only some specified maximum number of routes from a bgp neighbor? I know that I'd be happy if my upstreams gave me a buffer of, say, 10 entries above my typical number of aggregates.
-mark
In a message written on Fri, Apr 12, 2002 at 05:27:50PM -0700, Mark Kent wrote:
To address Sean's point about mistakes turning one /16 into a zillion entries, is there any way to allow only some specified maximum number of routes from a bgp neighbor? I know that I'd be happy if my upstreams gave me a buffer of, say, 10 entries above my typical number of aggregates.
I'll bite, as I have this conversation with people from time to time. There are two things you can (easily) do with transit customers (wrt prefixes):
1) Limit them to specific prefixes up to a limited length.
2) Limit the number of prefixes.
My take on the "right" thing to do is:
1) Allow any netblock the customer "owns"*, up to /24.
2) Use a default prefix limit of 50, or 2 times the number of prefixes the customer owns, whichever is greater.
As a service provider, you don't want to spend a lot of cycles updating prefix lists. The providers that do exact match only I think are doing a lot of work for nothing, as they are doing a lot of updates for very little gain. On the other hand, you can't let customers have unfiltered access. The absolute limits are similar. You don't want to reconfigure your device hourly, but updating it every 10 years isn't good either.
So, I think customers should be allowed to go up to a /24 by default. 50 extra routes is no big deal for any transit free provider, even from a few customers. For larger customers, that's not enough headroom, but if the customer is that large some clue is assumed, and so a limit of 2x the registered (eg supernet) prefixes is probably fine. I would allow a customer a higher limit if they can demonstrate a good reason.
What do you find reasonable, and more importantly, why do you find it reasonable?
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
Mark Kent wrote:
On the leaking more specific routes topic (ip prefix lists): I've verified that Above.Net lets me do this and Genuity does not. But Genuity has said, today, that they are working on doing it.
To address Sean's point about mistakes turning one /16 into a zillion entries, is there any way to allow only some specified maximum number of routes from a bgp neighbor? I know that I'd be happy if my upstreams gave me a buffer of, say, 10 entries above my typical number of aggregates.
Yes there is -
  neighbor <x> maximum-prefix <number> <warn-pct>
We use it in conjunction with exact filters, "just in case" someone makes a mistake on a filter. As well as using it on peers who we know should be advertising, say, 4000 routes - we'd limit them to 5000, because if they grow any more than that we want to know anyway :-))
The annoyance is there's no way to block on your side a known upstream or peer limit, and if you exceed the limit your upstream or peer needs to do a manual reset. What many desire is a matching (presumably configured slightly lower)
  neighbor <x> maximum-prefix-sent <number> <warn-pct> [limit|shutdown]
to be able to prevent exceeding the limit and reset or restrict prefixes on your side, so you can fix the problem without having to contact all your peers and upstreams if something does go majorly wrong.
David.
--
David Luyer Phone: +61 3 9674 7525
Network Development Manager P A C I F I C Fax: +61 3 9699 8693
Pacific Internet (Australia) I N T E R N E T Mobile: +61 4 1111 BYTE
http://www.pacific.net.au/ NASDAQ: PCNTF
## On 2002-04-12 17:27 -0700 Mark Kent typed:
MK> To address Sean's point about mistakes turning one /16 into a zillion
MK> entries, is there any way to allow only some specified maximum number
MK> of routes from a bgp neighbor? I know that I'd be happy if my
MK> upstreams gave me a buffer of, say, 10 entries above my typical number
MK> of aggregates.
MK>
MK> -mark
For Cisco IOS just add this under the "router bgp" section
---
neighbor <IP address> maximum-prefix <nnnn>
---
Exceeding the maximum prefix number will shut down the BGP session until a manual clear
Enjoy
Rafi
--
Rafi Sadowsky rafi@oumail.openu.ac.il
Network/System/Security VoiceMail: +972-3-646-0592 FAX: +972-3-649-8629
Mangler ( :-) | FIRST-REP for ILAN-CERT(CERT@CERT.AC.IL)
Open University of Israel | (PGP key -> ) http://telem.openu.ac.il/~rafi
For Cisco IOS just add this under the "router bgp" section
Here is the way that you use to do the same in JunOS.
http://www.juniper.net/techpubs/software/junos51/swconfig51-routing/html/bgp...
They introduced a cool feature (idle-timeout).
"If you include the idle-timeout statement, the session is torn down for a specified amount of time, or forever. If you specify a period of time, the session is allowed to reestablish after this timeout period. If you specify forever, the session will be reestablished only after you intervene with a clear bgp neighbor command"
German
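The two customer-side controls discussed in the preceding messages (a prefix filter that accepts the customer's blocks up to /24, and a maximum-prefix limit of 50 or twice the registered prefixes with a warning threshold and shutdown until a manual clear), modelled together. This is an added example, not code from the thread or from any router vendor; the 10.0.0.0/17 blocks are constructed, and counting only routes that pass the filter toward the limit is an assumption of the model.

```python
import ipaddress

MAX_LEN = 24   # rule 1 in the thread: accept the customer's blocks up to /24
FLOOR = 50     # rule 2 in the thread: default prefix limit


def prefix_limit(registered):
    """50, or twice the number of registered prefixes, whichever is greater."""
    return max(FLOOR, 2 * len(registered))


def permitted(prefix, registered):
    """True if prefix is inside a registered block and no longer than /24."""
    net = ipaddress.ip_network(prefix)
    return net.prefixlen <= MAX_LEN and any(
        net.version == blk.version and net.subnet_of(blk) for blk in registered)


def registrable(registered):
    """Every exact route rule 1 covers, i.e. what exact-match filtering must list."""
    return [sub for blk in registered
            for plen in range(blk.prefixlen, MAX_LEN + 1)
            for sub in blk.subnets(new_prefix=plen)]


class Session:
    """Provider-side model of one customer session (not a BGP implementation).

    Assumption: only routes that pass the prefix filter count toward the limit.
    """

    def __init__(self, registered, warn_pct=75):
        self.registered = [ipaddress.ip_network(p) for p in registered]
        self.limit = prefix_limit(self.registered)
        self.warn_pct = warn_pct
        self.routes, self.up, self.warned = set(), True, False

    def announce(self, prefix):
        if not self.up:
            return "down"                 # nothing is heard until clear()
        if not permitted(prefix, self.registered):
            return "filtered"
        self.routes.add(ipaddress.ip_network(prefix))
        count = len(self.routes)
        if count > self.limit:
            self.up = False               # limit exceeded: session torn down
            self.routes.clear()
            return "shutdown"
        if not self.warned and count * 100 >= self.limit * self.warn_pct:
            self.warned = True            # one warning when the threshold is reached
            return "warning"
        return "accepted"

    def clear(self):
        """Manual reset by the provider, as after a maximum-prefix shutdown."""
        self.up, self.warned = True, False


def deaggregation_typo():
    """Constructed case: a customer with two /17s leaks every /24 of one of them."""
    session = Session(["10.0.0.0/17", "10.0.128.0/17"])
    leak = ipaddress.ip_network("10.0.0.0/17").subnets(new_prefix=24)
    return session, [session.announce(str(net)) for net in leak]


if __name__ == "__main__":
    session, results = deaggregation_typo()
    print("exact routes covered by the /24 rule:", len(registrable(session.registered)))
    print("prefix limit:", session.limit)
    for outcome in ("accepted", "warning", "shutdown", "down"):
        print(outcome, results.count(outcome))
```

For two /17s the /24 rule covers 510 exact routes, which is why exact-match registration produces a database of over 500 entries, while the prefix limit still stops a leak of 128 /24s at the 51st route.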
In the referenced message, Roy said:
Registering is not "bad", its just not beneficial. Given that the routes I want to announce are within my assigned range, why is it a good thing to register them? If the transit provider always add entries when I ask for them, it seems to be very little benefit..
This is the case of transit so I am a customer paying money for a service. I started this subthread because I felt others would want to know about this. I made the mistake of buying transit service without asking about their BGP policies. I was hoping to help by sharing my experience.
Registered routes, imho are beneficial. It permits filtering based on IRR data, and ensures that the entity announcing the routes has spent at least a modicum of time considering the impact they will have on the network. (Oh, look, I'm registering 500 routes to deaggregate this 1, maybe I'm being rude!) Of course, they still may not care how it impacts the rest of the world. Some providers loosen their filters for registered routes, since the originating entity has taken the time to say "we will announce blah". Otherwise, any leaking of more-specifics with the same origin only appears like a route leak that should be protected against. If I were choosing a transit provider, I would look for ones that attempted to do the right thing, as I enjoy stability even at the cost of a few minutes of extra work.
The company I work for has an OC-3 from them and it provides pretty good transit. Every time we've had to deal with their NOC guys (which is not very often) they've been really good about handling whatever issue we may have. Off the top of my head, I can't recall the last time we had an outage on their circuit due to an issue on their end.
-Eric
On Thu, 11 Apr 2002, matthew zeier wrote:
Date: Thu, 11 Apr 2002 16:16:57 -0700
From: matthew zeier <matthew@velvet.org>
To: nanog@merit.edu
Subject: genuity - any good?
I've gotten attractive pricing from Genuity but I haven't used them in a couple years. Is there any reason I wouldn't want to use them as a third upstream OC3 provider?
Thanks.
- mz
-- matthew zeier - "In mathematics you don't understand things. You just get used to them." - John von Newmann
On Thu, Apr 11, 2002 at 04:16:57PM -0700, matthew zeier wrote:
I've gotten attractive pricing from Genuity but I haven't used them in a couple years. Is there any reason I wouldn't want to use them as a third upstream OC3 provider?
Genuity has a slightly backwards philosophy on delivering traffic to their customers. Once upon a time they tried to sell a friend of mine an OC3, and set up a conference with one of their engineers to answer questions. In the marketing speech one of the things that was mentioned was how they kept ALL their peers at at least XX% (some low number) capacity so there was always headroom, and always immediately upgraded. So I asked them about some peers I knew at that exact moment were congested and they refused to upgrade, such as their DS3's to AboveNet (look at the Yearly graphs and you get a good idea of how things used to be):
http://west-boot.mfnx.net/traffic/maee/iad-bbn.html
http://west-boot.mfnx.net/traffic/chi/chi-bbn.html
Their answer? "Well in that case we don't want any more capacity into them. You see they send us more traffic than we send them, which we don't want." So I asked "If I am a customer, aren't I paying for you to deliver me traffic FROM other networks as well as TO them? How do I benefit from massive congestion to a major content hosting network?". They were of course dumbfounded.
So if you don't care about your traffic potentially becoming a pawn in the Ratio Wars, Genuity will do ya just fine. My argument to them was that if they didn't feel a certain peer was up to their Ratio standards that was fine and they could seek an alternate non-congested path through someone's transit providers, but leaving congested peers up for years was unacceptable.
It doesn't take all that much clue to build your own backbone so that it doesn't suck, the real test is how well you are able to reach "the internet", and that means taking care of your peers. In my mind, how quickly and proactively you can upgrade them or work around the other side's stupidities is one of the biggest indicators of the quality of your network.
</rant>
-- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
On 2002-04-11-19:16:57, matthew zeier <matthew@velvet.org> wrote:
I've gotten attractive pricing from Genuity but I haven't used them in a couple years. Is there any reason I wouldn't want to use them as a third upstream OC3 provider?
From a customer service perspective, Genuity is excellent. Last time we experienced problems, their NOC opened a ticket, had someone with clue and enable looking at it, notified the customer (me), and had testers from the LEC and WCOM on the horn -- all over the course of ~ 5-10 minutes. And this was 'after hours', mind you...
Pricing is a bit on the high side compared to other providers in their league, at least when I've had things quoted out recently. If you're looking for quality over quantity, I'd have no qualms recommending them. -a
Pricing is a bit on the high side compared to other providers in their league, at least when I've had things quoted out recently. If you're looking for quality over quantity, I'd have no qualms recommending them.
I found that quite the opposite. I was amazed that they matched my Internap pricing. I expected to see something around Sprint or UUNET or AT&T. - mz
participants (18)
- Adam Rothschild
- Aditya
- Anthony D Cennami
- David Luyer
- David Schwartz
- Eric Whitehill
- German Martinez
- Hank Nussbacher
- Leo Bicknell
- Mark Kent
- matthew zeier
- neil@DOMINO.ORG
- Rafi Sadowsky
- Richard A Steenbergen
- Roy
- Sean Donelan
- Simon Lyall
- Stephen Griffin