Re: "Tactical" /24 announcements

[Jon Lewis <jlewis () lewis org>]

On Thu, 12 Aug 2021, William Herrin wrote:

> On Thu, Aug 12, 2021 at 9:41 AM Hank Nussbacher <hank () interall co il> wrote:
> > On 12/08/2021 17:59, William Herrin wrote:
> > > If you prune the routes from the Routing Information Base instead, for
> > > any widely accepted size (i.e. /24 or shorter netmask) you break the
> > > Internet.
> >
> > How does this break the Internet?  I would think it would just result in
> > sub-optimal routing (provided there is a covering larger prefix) but
> > everything should continue to work.  Clue me in, please.
>
> A originates 10.0.0.0/16 to paid transit C
> B originates 10.0.1.0/24 also to paid transit C
> C offers both routes to D. D discards 10.0.1.0/24 from the RIB based
> on same-next-hop
> You peer with A and D. You receive only 10.0.0.0/16 since A doesn't
> originate 10.0.1.0/24 and D has discarded it.
> You send packets for 10.0.1.0/24 to A (the shortest path for
> 10.0.0.0/16), stealing A's paid transit to C to get to B.
> Unless A filters C-bound packets purportedly from 10.0.1.0/24. B
> doesn't currently transit for A so from B's perspective that's not an
> allowed path. In which case, your path to 10.0.1.0/24 is black holed.
>
> D broke the Internet. If packets from you reach A at all, they do so
> through an unpermitted path.

A originated the /16 and should be prepared to deal with all bits to IPs 
within it.

What's worse is when A originates/advertises the /16 to C.  A also 
advertises the /24(s) only to other transits D, E, and F.  C's peers that 
don't see the subnets send traffic to C that C then has to send out via 
transit to reach D, E, or F.  I've been C :(  We asked A to make it stop.


----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
 StackPath, Sr. Neteng       |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________