nanog mailing list archives

Re: Using unallocated address space


From: michael thomas guldan <michael () core ele-mental org>
Date: Fri, 16 Feb 2001 12:45:45 -0500


On Thu, Feb 15, 2001 at 01:16:29PM -0800, smd () clock org wrote:


Cool, speeding tickets for people with 10Gbps links in production today.


"if you route, don't drink.  if you drink, don't route."
 
We don't need a "police force" per se as much as a functionary who, on
behalf of the paying membership of the registry, tries to establish
(e.g., with a phone call!  or some email!) whether the announcement
is a question of simple, honest misconfiguration or misunderstanding,
or whether it's deliberate.   Moreover, with another couple of
phone calls (or email), a deliberately bad announcer can talk with 
the network(s) immediately upstream from a deliberate bad-announcer
and suggest that the membership as a whole would appreciate the
installation of strict filters against the bad announcer.


i agree that a setup as described here could have its place..  i'm warning
against the "hang `em high" attitude that was being proposed in earlier 
posts...  that isn't to say i don't still have misgivings about such a 
system, just that your proposal seems much more sane.

some sort of education and intervention system makes more sense than
a blackhole for any perceived offense approach...

If that produces no results, rat out the source and its immediate
upstreams to the whole membership.

| and the offending party will announce 32 /23s..  what will this solve?

Great, so we know that the offending party is not only deliberately
announcing bogus data into the routing system, but actually _disrupting_
it.  This is what real-life police are for.


perhaps this example was a little disingenuous on my part..  perhaps a 
better example would be: what happens when people just announce 32 /23s
instead of 2 /19s to make it harder to blackhole...  indeed, if people 
are announcing the /23s right off the bat, it's harder to prove that 
they are being malicious (tho it might not be as hard to prove that 
they're idiots :-).. 

      Sean.

On Fri, Feb 16, 2001 at 03:46:29PM +0100, Daniel Karrenberg wrote:

In principle this is a good idea. However I suspect that the effort involved
in getting to the right people at the announcing AS and/or their up-stream 
peers is "not negligible". So this can easily become a serious effort.


i agree, as the "right people" in this case would not only have to be good
network engineers, but also good at communicating with others AND relatively
immune to politics....

As a person somehow connected to the registry system ;-) I would be interested 
to hear privately from ISPs whether they would like such a service and
-more importantly- whether they would be prepared to put procedures in place
by which the registries can reliably reach knowledgeable routing engineers
that have the task of tracking down such problems as well as the resources and
authority to do so.


i think for something like this to work well, it would have to be somewhat 
separate from the individual registries... 
 
Daniel

michael

-- 
e: michael () ele-mental org      c: +1.614.260.6716      u: www.ele-mental.org

                 Wir fahr'n fahr'n fahr'n auf der Autobahn

