YouTube AS36561 began announcing 1.0.0.0/8
Hello, I'm hoping to alleviate the "what's going on!?" type messages here this time. :) Here's an except from the APNIC provided LOA I provided to a couple networks, to carry a new announcement... "To whom it may concern, APNIC and YouTube are cooperating in a project to investigate the properties of unwanted traffic that is being sent to specific destinations in the address block of 1.0.0.0/8. This address block has been recently allocated to APNIC from the IANA, and APNIC and YouTube are wanting to undertake this investigation prior to the commencement of ordinary allocations. Accordingly, APNIC authorizes AS36351 to periodically advertise a route for 1.0.0.0/8 from now until 21 March 2010, and requests that AS36351's peers and upstreams accept this as a legitimate routing advertisement." In a continuation of last weeks experiments... we are now announcing 1.0.0.0/8 instead of 1.1.1.0/24 and 1.2.3.0/24. Cheers ,N (nathan@youtube.com - AS36561)
On Thu, 2010-03-11 at 22:52 -0800, Nathan wrote:
Hello,
I'm hoping to alleviate the "what's going on!?" type messages here this time. :)
<stupid question> Any IPs we can ping and get a response back from to verify everything is ok? 1.2.3.4 isn't pingable, for example. :( </stupid question> William
On Fri, Mar 12, 2010 at 3:53 AM, William Pitcock <nenolod@systeminplace.net> wrote:
On Thu, 2010-03-11 at 22:52 -0800, Nathan wrote:
Hello,
I'm hoping to alleviate the "what's going on!?" type messages here this time. :)
<stupid question> Any IPs we can ping and get a response back from to verify everything is ok? 1.2.3.4 isn't pingable, for example. :( </stupid question>
we (nate/steve who're actually doing the work here, for geoff/george) could probably light up something, but give it 48 hrs?
William
A trace-route reaches the Youtube border... so everything is ok. The routes are being ECMP'd to a set of capture hosts for the purpose of spreading load, aggregating more disk-space for packets, providing some form of redundancy for the experiment, etc. We're receiving about 175mbps of unsolicited noise. I'll leave the remaining details to be provided by the official report/article from Geoff and George. Its amazing how prolific 1.x traffic is. ,N On Fri, Mar 12, 2010 at 12:53 AM, William Pitcock <nenolod@systeminplace.net> wrote:
On Thu, 2010-03-11 at 22:52 -0800, Nathan wrote:
Hello,
I'm hoping to alleviate the "what's going on!?" type messages here this time. :)
<stupid question> Any IPs we can ping and get a response back from to verify everything is ok? 1.2.3.4 isn't pingable, for example. :( </stupid question>
William
Am 12.03.2010 17:03, schrieb Nathan:
[...] Its amazing how prolific 1.x traffic is.
one reason might also be, that at least T-Mobile Germany uses 1.2.3.* for their proxies that deliver the content to mobile phones. And I'm not sure what they are doing when they are going to receive this route from external. ;)
Axel Morawietz wrote:
Am 12.03.2010 17:03, schrieb Nathan:
[...] Its amazing how prolific 1.x traffic is.
one reason might also be, that at least T-Mobile Germany uses 1.2.3.* for their proxies that deliver the content to mobile phones. And I'm not sure what they are doing when they are going to receive this route from external. ;)
If 1.0.0.0/8 has been widely used as de-facto rfc1918 for many years, perhaps it is time to update rfc1918 to reflect this? - Kevin
On Fri, Mar 12, 2010 at 1:34 PM, Kevin Loch <kloch@kl.net> wrote:
Axel Morawietz wrote:
Am 12.03.2010 17:03, schrieb Nathan:
[...] Its amazing how prolific 1.x traffic is.
one reason might also be, that at least T-Mobile Germany uses 1.2.3.* for their proxies that deliver the content to mobile phones. And I'm not sure what they are doing when they are going to receive this route from external. ;)
If 1.0.0.0/8 has been widely used as de-facto rfc1918 for many years, perhaps it is time to update rfc1918 to reflect this?
Cisco has an interesting write-up on this: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-3/103_awkw...
On 12 Mar 2010, at 1:34, Kevin Loch wrote:
Axel Morawietz wrote:
Am 12.03.2010 17:03, schrieb Nathan:
[...] Its amazing how prolific 1.x traffic is.
one reason might also be, that at least T-Mobile Germany uses 1.2.3.* for their proxies that deliver the content to mobile phones. And I'm not sure what they are doing when they are going to receive this route from external. ;)
If 1.0.0.0/8 has been widely used as de-facto rfc1918 for many years, perhaps it is time to update rfc1918 to reflect this?
Marla and I have drafted a document examining the issues associated with designating additional private address space: http://tools.ietf.org/html/draft-azinger-additional-private-ipv4-space-issue... Please let us know if you have suggestions for improvements to the document. Leo
Axel Morawietz wrote:
Am 12.03.2010 17:03, schrieb Nathan:
[...] Its amazing how prolific 1.x traffic is.
one reason might also be, that at least T-Mobile Germany uses 1.2.3.* for their proxies that deliver the content to mobile phones. And I'm not sure what they are doing when they are going to receive this route from external. ;)
If 1.0.0.0/8 has been widely used as de-facto rfc1918 for many years, perhaps it is time to update rfc1918 to reflect this?
There's no way it's as widely used, and generally speaking, it appears that those who have used it have done so out of ignorance and(/or?) stupidity, sometimes blindly following documentation without comprehending, etc. It isn't clear that the Internet should give up a large chunk of address space because some businesses made poor business choices. After all, we already allocated a bunch of private space for them to use. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Fri, 12 Mar 2010, Joe Greco wrote:
If 1.0.0.0/8 has been widely used as de-facto rfc1918 for many years, perhaps it is time to update rfc1918 to reflect this?
I seem to recall that the WIANA project "decided" to use 1.0.0.0/8 for the "internal" network within their meshAP project... http://www.wiana.org/faq.php random data point from memory. -- david raistrick http://www.netmeister.org/news/learn2quote.html drais@icantclick.org http://www.expita.com/nomime.html
On Fri, 12 Mar 2010, Joe Greco wrote: [something I didn't write]
If 1.0.0.0/8 has been widely used as de-facto rfc1918 for many years, perhaps it is time to update rfc1918 to reflect this?
I seem to recall that the WIANA project "decided" to use 1.0.0.0/8 for the "internal" network within their meshAP project...
random data point from memory.
So: I "decided" to use 5/8 for our internal networks because I felt that it stretched my fingers too much to go all the way over to "1" and then over to the other end of the top row to "0." 5 seemed a happier and easier choice. No, but really, what was your point again? IANA should go around making new Class A reservations or delegations to squatters? If so, I really *do* need to get busy and renumbering so I have a claim on 5/8.... :-) ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Joe Greco wrote:
So:
I "decided" to use 5/8 for our internal networks because I felt that it stretched my fingers too much to go all the way over to "1" and then over to the other end of the top row to "0." 5 seemed a happier and easier choice.
The Hamachi P2P VPN client beat you to it... they decided to use 5.0.0.0/8 several years ago. http://en.wikipedia.org/wiki/Hamachi Matthew Kaufman
On Mar 12, 2010, at 4:45 PM, Joe Greco wrote:
There's no way it's as widely used, and generally speaking, it appears that those who have used it have done so out of ignorance and(/or?) stupidity, sometimes blindly following documentation without comprehending, etc.
I don't know about that. Before we abandoned our prior managed-hosting facility for stuff we managed ourselves, ALL of the servers they were managing were using 1.0.0.0/8 for their "internal" address schemes. And this is a pretty decent sized company (Terremark) who I would have thought would have had a clue on it. That said, I agree "people who didn't listen to RFC1918 deserve every bit of pain that they've got coming to them", but I bet there's more morons out there than you're giving the universe credit for. D
On Mar 12, 2010, at 4:45 PM, Joe Greco wrote:
There's no way it's as widely used, and generally speaking, it appears that those who have used it have done so out of ignorance and(/or?) stupidity, sometimes blindly following documentation without comprehending, etc.
I don't know about that. Before we abandoned our prior managed-hosting facility for stuff we managed ourselves, ALL of the servers they were managing were using 1.0.0.0/8 for their "internal" address schemes. And this is a pretty decent sized company (Terremark) who I would have thought would have had a clue on it.
That said, I agree "people who didn't listen to RFC1918 deserve every bit of pain that they've got coming to them", but I bet there's more morons out there than you're giving the universe credit for.
Given the sheer number of 10-net deployments that are out there, I have a hard time envisioning that there are even two orders of magnitude less 1-net deployments. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
There are sizable chunks that are fairly quiet (un-interesting numbers, luck of the draw, etc). Given that its mostly mis-configurations, laziness, ignorance, or poor planning... I suspect the worst ranges will need to be sacrificed, and the remaining 80-90% of the space used for legitimate allocations. Unfortunately, anyone who accepts allocations in 1.x will need to be aware that they will have a slightly lower quality address-space. Accepting 1.1.1.0/24, for example, will land you with a continuous 50mbps of junk... seemingly forever... and a respectable chance that some percentage of the net will never reach you, due to their own misconfigurations. ,N On Fri, Mar 12, 2010 at 1:34 PM, Kevin Loch <kloch@kl.net> wrote:
Axel Morawietz wrote:
Am 12.03.2010 17:03, schrieb Nathan:
[...] Its amazing how prolific 1.x traffic is.
one reason might also be, that at least T-Mobile Germany uses 1.2.3.* for their proxies that deliver the content to mobile phones. And I'm not sure what they are doing when they are going to receive this route from external. ;)
If 1.0.0.0/8 has been widely used as de-facto rfc1918 for many years, perhaps it is time to update rfc1918 to reflect this?
- Kevin
There are sizable chunks that are fairly quiet (un-interesting numbers, luck of the draw, etc). Given that its mostly mis-configurations, laziness, ignorance, or poor planning... I suspect the worst ranges will need to be sacrificed, and the remaining 80-90% of the space used for legitimate allocations. Unfortunately, anyone who accepts allocations in 1.x will need to be aware that they will have a slightly lower quality address-space. Accepting 1.1.1.0/24, for example, will land you with a continuous 50mbps of junk... seemingly forever... and a respectable chance that some percentage of the net will never reach you, due to their own misconfigurations.
Practical solution: Move YouTube to 1.1.1.1, Google to 1.1.1.2, Yahoo! to 1.1.1.3, Facebook to 1.1.1.4, etc. Maybe someone at YouTube was actually testing that strategy ;-) ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
-----Original Message----- From: Joe Greco [mailto:jgreco@ns.sol.net] Sent: Friday, March 12, 2010 10:53 PM To: Nathan Cc: nanog@nanog.org Subject: Re: YouTube AS36561 began announcing 1.0.0.0/8
There are sizable chunks that are fairly quiet (un-interesting numbers, luck of the draw, etc). Given that its mostly mis-configurations, laziness, ignorance, or poor planning... I suspect the worst ranges will need to be sacrificed, and the remaining 80-90% of the space used for legitimate allocations. Unfortunately, anyone who accepts allocations in 1.x will need to be aware that they will have a slightly lower quality address-space. Accepting 1.1.1.0/24, for example, will land you with a continuous 50mbps of junk... seemingly forever... and a respectable chance that some percentage of the net will never reach you, due to their own misconfigurations.
Practical solution:
Move YouTube to 1.1.1.1, Google to 1.1.1.2, Yahoo! to 1.1.1.3, Facebook to 1.1.1.4, etc.
It is probably the best way to get 1.x free if it is used by big websites. However I don't think that they will change it (to only use these IPs). I think they have an interest somewhere to not change it...
Maybe someone at YouTube was actually testing that strategy ;-) I have something else where I would be happy to accept 1.1.1.0/24 for some time, just to try to get them change settings. If someone want information about it, feel free to contact me off list.
Regards, Mark
On Sat, Mar 13, 2010 at 7:52 AM, Mark Scholten <mark@streamservice.nl> wrote: ..
It is probably the best way to get 1.x free if it is used by big websites. However I don't think that they will change it (to only use these IPs). I think they have an interest somewhere to not change it...
If they added a basic javascript-based 1.0.0.0/8 HTTP connectivity test to www.youtube.com , and alerted users whose networks definitely had issues, there might be some interesting results, due to the site's popularity. Alert as in 20 seconds interstitial message before a video the user tried to play starts ... something like "Your network seems to have some connectivity problems to the Youtube.com IP address 1.2.3.4 and 1.2.3.5, your video will start in XX seconds. Please contact your network administrator." It would be a decent strategy. But yes, I guess there's no real reason for Youtube etc to do something like that, other than being charitable, or someone paying them to do it (as in advertising fee), plus a week's use of some 1.0.0.0/8 addresses is probably not a long enough time for that. Depending on how many (or few) issues there are with the /8, the RIR should want something like this. If end user networks have broken connectivity to the IP space, most of them might otherwise never notice, causing harm and pain to 1.0.0.0/8 web/e-mail address assignees setting up web and e-mail facilities with those addresses that their prospective contacts/visitors never notice, since user's attempt at initial contact simply failed, they never met to do business (e.g. They assumed it was an old site that closed down, broken link, etc)... -- -J
On Mar 12, 2010, at 4:34 PM, Kevin Loch wrote:
Axel Morawietz wrote:
Am 12.03.2010 17:03, schrieb Nathan:
[...] Its amazing how prolific 1.x traffic is. one reason might also be, that at least T-Mobile Germany uses 1.2.3.* for their proxies that deliver the content to mobile phones. And I'm not sure what they are doing when they are going to receive this route from external. ;)
If 1.0.0.0/8 has been widely used as de-facto rfc1918 for many years, perhaps it is time to update rfc1918 to reflect this?
Only by people who don't know how to read RFC's and are probably responsible for screwing a bunch of other stuff up as well :) Brian
- Kevin
On 03/12/2010 01:20 PM, Axel Morawietz wrote:
Am 12.03.2010 17:03, schrieb Nathan:
[...] Its amazing how prolific 1.x traffic is.
one reason might also be, that at least T-Mobile Germany uses 1.2.3.* for their proxies that deliver the content to mobile phones. And I'm not sure what they are doing when they are going to receive this route from external. ;)
The same that they're going to do for all the other unassigned /8s they're squatting on internally renumber, or blackhole them. every day I check my phone and as long as I'm in the bay area it's in 14/8.
On Mar 12, 2010, at 1:52 AM, Nathan wrote:
I'm hoping to alleviate the "what's going on!?" type messages here this time. :)
Oh, I understand what's going on exactly. YouTube is trying to balance their ratios. :) -- TTFN, patrick
Here's an except from the APNIC provided LOA I provided to a couple networks, to carry a new announcement...
"To whom it may concern,
APNIC and YouTube are cooperating in a project to investigate the properties of unwanted traffic that is being sent to specific destinations in the address block of 1.0.0.0/8. This address block has been recently allocated to APNIC from the IANA, and APNIC and YouTube are wanting to undertake this investigation prior to the commencement of ordinary allocations. Accordingly, APNIC authorizes AS36351 to periodically advertise a route for 1.0.0.0/8 from now until 21 March 2010, and requests that AS36351's peers and upstreams accept this as a legitimate routing advertisement."
In a continuation of last weeks experiments... we are now announcing 1.0.0.0/8 instead of 1.1.1.0/24 and 1.2.3.0/24.
Cheers ,N (nathan@youtube.com - AS36561)
On Fri, Mar 12, 2010 at 07:34:10AM -0500, Patrick W. Gilmore wrote:
Oh, I understand what's going on exactly. YouTube is trying to balance their ratios. :)
That might explain why they're only announcing it behind Cogent. :) -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
We've never cared about ratios... its futile! Level3 is slow to update prefix lists this time. I simply picked a couple networks that respond to my emails. My laziness to call others is why the route isn't visible there. :) ,N On Fri, Mar 12, 2010 at 7:58 AM, Richard A Steenbergen <ras@e-gerbil.net> wrote:
On Fri, Mar 12, 2010 at 07:34:10AM -0500, Patrick W. Gilmore wrote:
Oh, I understand what's going on exactly. YouTube is trying to balance their ratios. :)
That might explain why they're only announcing it behind Cogent. :)
-- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
participants (17)
-
Axel Morawietz
-
Brian Feeny
-
Bryan Irvine
-
Christopher Morrow
-
david raistrick
-
Derek J. Balling
-
James Hess
-
Joe Greco
-
Joel Jaeggli
-
Kevin Loch
-
Leo Vegoda
-
Mark Scholten
-
Matthew Kaufman
-
Nathan
-
Patrick W. Gilmore
-
Richard A Steenbergen
-
William Pitcock