Re: The Gorgon's Knot. Was: Re: Verio Peering Question
| So your downstreams pay you to connect to:
|
|   + Your AS only;
|
|   + Some of the Internet, but with little concern re accessibility
|     of small networks;
|
|   + The whole Internet with as much reliability as possible?

if #3 then what's the problem with:

ip as-path access-list 1 permit _badguy_
route-map fix-badguy permit 10
 descr proxy-aggregate the networks who are "holey"
 match as-path 1
router bgp my-as
 aggregate-address bad.guy.blo.ck1 255.255.224.0 as-set suppress-map fix-badguy
 aggregate-address bad.guy.blo.ck2 255.255.224.0 as-set suppress-map fix-badguy

... except that historically (with one exception, which was rude but educational) the "badguys" weren't really bad as much as lost somewhere, and didn't realize what was happening to them.

So, rather than make a subtle change that some backwards ISPs never even noticed, a more forceful change (filtering) was made, and everyone noticed that, but more because of the continuing bad PR about how evil and rapacious it was to filter in the first place.

Oh, wait, throwing away the holes can lead to a sub-optimal path selection! And troubles with holes coming from other directions!

"shut up and send me a cheque." -> something more polite but meaning the same so that customer will happily pay for a "route-pull".

Again, the great regret was the lack of a web page that would let one pay to blow holes in the filter and similar mechanisms that have been deployed from time to time (proxy-aggregation against backwards ISP, filtering against backwards ICM, RIPE-210 against the entire universe).

| Maybe I'll filter anything longer than a /8...

Please do, and tell us what you CAN'T reach after you throw away all the longer prefixes, and if you care after you install a default or proxy-aggregate, or whatnot to try to retain connectivity to those "extraneous info" destinations.

Sean.

ps - for those who don't know, ICM is AS 1800, and has an interesting history
Date: Fri, 28 Sep 2001 17:30:15 -0700 (PDT)
From: Sean M. Doran <smd@clock.org>
[ snip ]
| + The whole Internet with as much reliability as possible?
if #3 then what's the problem with:
ip as-path access-list 1 permit _badguy_
route-map fix-badguy permit 10
 descr proxy-aggregate the networks who are "holey"
 match as-path 1
router bgp my-as
 aggregate-address bad.guy.blo.ck1 255.255.224.0 as-set suppress-map fix-badguy
 aggregate-address bad.guy.blo.ck2 255.255.224.0 as-set suppress-map fix-badguy
 ...
And one aggregates a lone /24 with what? Again, my point (and I believe Patrick's) is that there are valid reasons for an entity without a PI /20 to multihome. Filter the /24s, and we have a problem. Of course, I guess that AT&T, PSI, BBN, etc. can save their multihomed downstreams from certain filtration by... allocating more IP space in 60/8 through 66/8, or from "class C" space. How efficient.
So, rather than make a subtle change that some backwards ISPs never even noticed, a more forceful change (filtering) was made, and everyone noticed that, but more because of the continuing bad PR about how evil and rapacious it was to filter in the first place.
*sigh* Maybe I need to use more emoticons. The part where I said that filtering is a good thing -- _to a certain extent_ -- was serious...
| Maybe I'll filter anything longer than a /8...
Please do, and tell us what you CAN'T reach after you throw away all the longer prefixes, and if you care after you install a default or proxy-aggregate, or whatnot to try to retain connectivity to those "extraneous info" destinations.
...and I _certainly_ hope that nobody believed me on this one. Filtering longer than /8 is clearly stupid. Filtering /32 is clearly a good thing.

Now, where do we draw the line? Do we filter multihomed /24s? I vote that's unacceptable. As Patrick pointed out... if _all_ major carriers filtered _all_ /24 adverts, one would essentially be single-homed to one's IP space provider.

Back to "route to the whole Internet with as much reliability as possible". I contend that someone purchasing bandwidth wants to maximize reliability to _all_ of the Internet. Someone selling bandwidth should deliver.

I offer the overused example of AS11643... they're just basement multihomers with /24, /23, and /22 prefixes. Clearly those adverts deserve to be filtered. *waves big sign stating "sarcasm here"*

If EXDS routing were fscked, how does one reach 216.32.120/24? Assume for the sake of this discussion that one cannot hear /24s via 701, 1239, or 6461. [How much is eBay paying XO to carry its longer prefixes?]

So: Where do we draw the line on filtering?

Eddy

---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked.
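
Added example, not part of either post and not the posters' code: a Python check of the question both messages argue over, namely what a prefix-length filter leaves reachable. It runs a constructed table (private-range prefixes and ASNs, all assumed for illustration) through a "nothing longer than /23" filter and reports which filtered /24s still fall under a surviving aggregate and which have no route left.

```python
import ipaddress

# Constructed sample RIB: (prefix, AS path as received). Prefixes and ASNs are
# made up from private ranges for illustration, not taken from the thread.
RIB = [
    ("10.16.0.0/16", (64500,)),          # provider A's aggregate
    ("10.16.5.0/24", (64500, 64510)),    # customer /24 out of A's space, heard via A
    ("10.16.5.0/24", (64502, 64510)),    # same /24, heard via second upstream B
    ("10.32.0.0/20", (64501,)),          # network holding its own /20
    ("10.99.7.0/24", (64503, 64511)),    # lone /24 with no covering aggregate
]

def parse(rib):
    return [(ipaddress.ip_network(p), path) for p, path in rib]

def apply_filter(routes, max_len):
    """Drop every route whose prefix is longer than max_len."""
    return [(n, p) for n, p in routes if n.prefixlen <= max_len]

def best_match(routes, dst):
    """Longest-prefix match: (network, sorted first-hop ASes) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(n, p) for n, p in routes if addr in n]
    if not hits:
        return None
    longest = max(n.prefixlen for n, _ in hits)
    net = next(n for n, _ in hits if n.prefixlen == longest)
    return net, sorted({p[0] for n, p in hits if n.prefixlen == longest})

def impact(rib, max_len):
    """Classify each filtered prefix: covered by a kept route, or unreachable."""
    routes = parse(rib)
    kept = apply_filter(routes, max_len)
    report = {}
    for net in {n for n, _ in routes if n.prefixlen > max_len}:
        # A kept route is shorter than net, so matching net's first address
        # is enough to know it covers the whole filtered prefix.
        cover = best_match(kept, str(net.network_address))
        report[str(net)] = (f"covered by {cover[0]} via AS{cover[1][0]}"
                            if cover else "unreachable")
    return report

if __name__ == "__main__":
    for prefix, result in sorted(impact(RIB, 23).items()):
        print(prefix, "->", result)
```

In the sample table the multihomed /24 stays reachable after filtering, but only along the /16 toward AS64500: its second upstream no longer counts. The lone /24 has nothing left to match without a default route.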
participants (2)
- E.B. Dreger
- smd@clock.org