nanog mailing list archives
Re: What is the most standard subnet length on internet
From: Nathan Ward <nanog () daork net>
Date: Tue, 23 Dec 2008 22:02:27 +1300
On 23/12/2008, at 6:40 PM, Church, Charles wrote:
I help a buddy who works for a small ISP. I believe they're ignoring or null routing large chunks of APNIC. Their customers are aware of the policy, and cool with it. Port scanning and other malicious stuff dropped 50% afterwards.
That sort of thing is common, sure (unfortunately). My question (comment?) is more around why people would filter /24 (or whatever) prefixes (ie. when advertised a /24 prefix over BGP not accept it, so they do not get a route for that /24), and then not have a default. That route is used for outgoing packets, not incoming ones (modulo RPF, etc.).
The purpose of filtering the /24s is to keep the size of their RIB/FIB down, not to limit abuse or something. If you are close to the edge of the network, filtering /24s is a low hanging fruit way to catch a whole lot of pointless routes that don't really gain you much performance benefit, but are going to cost you lots of RIB/FIB space. However, you really need to have a covering default, so you still have some way to reach the people in those /24s.
From: Skywing [mailto:Skywing () valhallalegends com] Snarky replies aside, it might be interesting to hear if there are any real examples of this being done intentionally and not out of not knowing better or otherwise configuration error. For example, Tomas Byrnes's suggestion re: hijacking; although, I suspect that in that case, he's speaking of someone doing this filtering on a one-off basis and not on all /24's in the DFZ.
Yep, that is what I'm interested in. It would be perhaps an interesting exercise to only accept prefixes for which you do not have a covering prefix with the same next-hop, etc. I wonder if router vendors already do that internally as an optimisation when installing routes in to the forwarding hardware? You would have to still have the routes in your RIB but RIB RAM is cheap(er).
-- Nathan Ward
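
Added illustration, not part of the original message or thread: a Python sketch contrasting a blanket /24 filter with no default against installing only routes whose nearest covering route has a different next-hop. All prefixes, next-hop names and function names are constructed for the example.

```python
import ipaddress

# Constructed sample RIB: prefix -> next hop (values are illustrative only).
RIB = {
    "10.0.0.0/8": "A",
    "10.1.0.0/16": "A",    # same next hop as its cover: redundant for forwarding
    "10.1.1.0/24": "B",    # differs from its cover: must be kept
    "10.2.2.0/24": "A",    # redundant
    "172.16.5.0/24": "C",  # no covering route at all
}

def nearest_cover(net, table):
    """Longest prefix in `table` that strictly covers `net`, or None."""
    covers = [c for c in table if c.version == net.version
              and c.prefixlen < net.prefixlen and net.subnet_of(c)]
    return max(covers, key=lambda c: c.prefixlen, default=None)

def compress_fib(rib):
    """Skip routes whose nearest installed cover already has the same next hop."""
    routes = {ipaddress.ip_network(p): nh for p, nh in rib.items()}
    fib = {}
    # Shortest prefixes first, so every cover is decided before its more-specifics.
    for net in sorted(routes, key=lambda n: n.prefixlen):
        cover = nearest_cover(net, fib)
        if cover is not None and fib[cover] == routes[net]:
            continue  # forwarding result is identical via the cover
        fib[net] = routes[net]
    return {str(n): nh for n, nh in fib.items()}

def filter_len24(rib):
    """Blanket filter: reject every /24 or longer, with no default added."""
    return {p: nh for p, nh in rib.items()
            if ipaddress.ip_network(p).prefixlen < 24}

def lookup(table, addr):
    """Longest-prefix match; returns the next hop, or None when there is no route."""
    ip = ipaddress.ip_address(addr)
    best = None
    for p, nh in table.items():
        net = ipaddress.ip_network(p)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, nh)
    return best[1] if best else None

if __name__ == "__main__":
    for name, table in (("rib", RIB), ("compressed", compress_fib(RIB)),
                        ("no-/24s", filter_len24(RIB))):
        print(name, len(table), [lookup(table, a) for a in
                                 ("10.1.1.1", "10.2.2.2", "172.16.5.1")])
```

The compressed table forwards every sampled address exactly as the full RIB does, while the blanket filter loses 172.16.5.0/24 entirely and sends 10.1.1.0/24 traffic to the covering route's next hop.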