RE: genuity - any good?

["Daniel Golding" <dgolding () sockeye com>]

Hmm. From a coding point of view you are certainly correct. From a
troubleshooting POV, prefix lists are superior, because it is much easier to
tell, at a glance, what the ACL is supposed to do, particularly for less
experienced engineers. This is a significant advantage. However, it can be a
big project to convert a large, installed base of extended ACLs to
prefix-list ACLs, so that might be why Genu has held off. Even with a script
or other tool, there is still a chance for some customer downtime.

As far as requring exact ACLs, rather than allowing "greater than or equal
to" type ACLs - there are a couple good reasons for this. One is, to ensure
maximum route aggregation by your customers, and potentially prevent serious
deaggregations. This may also help with troubleshooting.

Of course, it's less convenient for customers, and requires more interaction
and changing of ACLs, which can cause downtime. I suspect the best practice,
at this point, is autogeneration of ACLs using IRR database entries, and
tools like RTConfig or their homegrown equivalent.

- Daniel Golding

> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
> Martin, Christian
> Sent: Friday, April 12, 2002 2:31 PM
> To: 'neil () DOMINO ORG'; garlic () garlic com
> Cc: matthew () velvet org; nanog () merit edu
> Subject: RE: genuity - any good?
>
>
>
> I think the argument is not about route filtering - it is the
> implementation
> method.
>
> Genuity uses ip extended access-lists.
>
> Everyone else uses prefix-lists.
>
> To a purist, the former is more granular, but performs poorly
> because it is
> a linked list implementation.  The later, while less granular, performs
> faster by using a trie.  It also allows insertion without list rebuilding.
> Does this matter much?  I'm sure there are some that have tested
> convergence
> between the two technologies, so I'd welcome comments out of curiosity.
>
> They are somewhat anal with their lists as well.  If you have a
> /19, but you
> want to deaggregate for inbound BGP TE, you will need to send them EVERY
> route you will send.  That can be 64 subnets.  For a /16, it is waaayyy
> worse.  Then again, it allows them to know exactly how many
> prefixes MAY be
> announced from their customers, which I suppose has its merits.
>
> chris
>
> > -----Original Message-----
> > From: neil () DOMINO ORG [mailto:neil () DOMINO ORG]
> > Sent: Friday, April 12, 2002 2:08 PM
> > To: garlic () garlic com
> > Cc: matthew () velvet org; nanog () merit edu
> > Subject: Re: genuity - any good?
> >
> >
> >
> > > 1) Their BGP polices are not as good as others.  They force you to
> > > register each route you want to advertise rather than
> > allowing you to
> > > advertise any reasonable route for your prefixes.  According
> > to one of
> > > their top people, prefix-lists were unreliable new technology.  We
> > > gave up and canceled the circuit.
> >
> > Man I don't know of a provider that doesn't do this - but the
> > fact is this is a good thing.