nanog mailing list archives

Re: /24s run amuck

From: Patrick W.Gilmore <patrick () ianai net>
Date: Tue, 13 Jan 2004 15:55:21 -0500


On Jan 13, 2004, at 2:35 PM, McBurnett, Jim wrote:

Ok, I am often outgunned and off target here.
But I have to ask this:
1. If filtering is used, as suggested by someone, what happens to the
        small/mid-sized company that is multi-homed out of an ISP's
        /20 or larger block?  In this case, I can see an ISP with a /20
        bust that up to /21s smaller to accommodate this user.

For everyone who filters, they will only see the aggregate CIDR andsend it to that upstream.

For everyone who does not filter, you will get traffic over the"closest" upstream.

If the link to the upstream with the aggregate dies, interesting thingscan happen. Assuming that upstream listens to its own address space,traffic will go:


  [Filtering network] -> [CIDR upstream] -> [second upstream]

If the CIDR upstream does not listen to its own announcements, you willlose connectivity from anyone who filters.

2. Wasn't /24 filtering something that a few large ISP's did a few
        years ago and everyone complained? I don't have a reference here
        but I seem to remember some flack about that.

Sprint and a few others used to filter on /19s, 'cause that's what ARIN& others handed out. They changed that to /20s when the rules changed.Sprint gave that up.

Last time I checked Verio and a Japanese ISP (NTT?) filtered, but notmany other people did.

Almost everyone filters on /24s - they do not want to see /32s in theglobal table.

3. What happens in the case of a carrier that has given /24s to a
        downstream out of different blocks?

If the downstream is single homed, nothing. The /24s should not be inthe global table, just the provider's local table.

If the downstream is multi-homed, the upstream should try to give outaggregate blocks.

I guess the real question is this:

If X company can not be reached, how/who would you complain to?

Your upstream. You pay them for connectivity, if they cannot provideit, yell at them.

Naturally, this does not always work. Joe Random ISP cannot forceVerio to change its filtering policies.

And would this be like the RR and AOL email filtering lists where
we all complain, and this filtering is an effort by some
to force others to clean up their act?

Yes it is. But this is a bit more religious than spam filtering. Thenagain, so are some spam filters....

Am I out in Left field?


Yes, but aren't we all? :)

--
TTFN,
patrick

Current thread:

Re: /24s run amuck, (continued)
- - - Re: /24s run amuck John Payne (Jan 14)
  - Re: /24s run amuck haesu (Jan 13)
  - Re: /24s run amuck Steve Francis (Jan 13)
    - Re: /24s run amuck Patrick W . Gilmore (Jan 13)
    - Re: /24s run amuck Steve Francis (Jan 13)
    - Re: /24s run amuck Patrick W . Gilmore (Jan 13)
    - Re: /24s run amuck Frank Louwers (Jan 13)
    - Re: /24s run amuck Simon Leinen (Jan 15)
    - Re: /24s run amuck Stephen J. Wilcox (Jan 13)
- RE: /24s run amuck McBurnett, Jim (Jan 13)
  - Re: /24s run amuck Patrick W . Gilmore (Jan 13)
    - Re: /24s run amuck Sean M . Doran (Jan 14)
    - Re: /24s run amuck Patrick W . Gilmore (Jan 14)
  - RE: /24s run amuck Stephen J. Wilcox (Jan 13)
- Re: /24s run amuck Michael . Dillon (Jan 14)
  - Re: /24s run amuck Suresh Ramasubramanian (Jan 14)
  - Re: /24s run amuck Paul (Jan 14)
- Re: /24s run amuck Michael . Dillon (Jan 14)
  - Re: /24s run amuck David Barak (Jan 14)
  - Re: /24s run amuck Steven M. Bellovin (Jan 14)
    - Re: /24s run amuck Timothy Brown (Jan 14)

(Thread continues...)