Re: Anyone notice strange announcements for 174.128.31.0/24

["Patrick W. Gilmore" <patrick () ianai net>]

On Jan 13, 2009, at 11:53 AM, David Barak wrote:
> --- On Tue, 1/13/09, Jared Mauch <jared () puck nether net> wrote:
> >         No, they are both victims.  If I inject a path that
> > purports
> > there is an edge between two networks which are engaged in
> > a bitter
> > dispute, (i'll use cogent & sprint as an example) -
> > _1239_174_ that may
> > create a situation where someone asserts that their routes
> > are
> > being filtered when infact no connectivity exists.
>
> That's a theoretical possibility, but who would be the one doing the  
> asserting?  I would argue that it would either be the owner of the  
> announced space or someone trying to reach it.  In this case, nobody  
> was trying to reach the /24 in question, and the owner was the one  
> doing the experiment.  Victimless crime, at most.

Interesting.  You think it is OK to use my my ASN for things as long  
as no one is trying to do those things?


> >         Does that mean that I hijacked their identiy and forged
> > it?  What level of trust do you place in the AS_PATH for your
> > routing, debugging and
> > decision making process?
>
> AS_PATH != identity, and I would not recommend loading the latter  
> onto the former.

We disagree.  When I am researching something, I frequently look at  
ASNs in the path to figure out not just where but who controls the path.


> >         Personally, I would be upset if someone injected a route
> > with my ASN in the AS_PATH without my permission.
>
> Why?  Is this a theoretical "because it's ugly" complaint, or is  
> there a reason why manipulating this particular BGP attribute in  
> this particular way is so bad?  Organizations do filtering and  
> routing manipulation all over the place.  Is there something worse  
> about doing it this way than others?

Filtering and other manipulation happened on your router, prepending  
my ASN is putting that information into every router.  That seems to  
be a serious qualitative difference to me.  Do you disagree?


This thread has been interesting & educational.  So many people seem  
to be happy to explain why they should be allowed to use globally  
unique identifiers they do not own in ways which were not intended,  
then explain to the people who do own those identifiers how they  
should react, which alarms should go off, and even which priority the  
alarms should have.

As I have repeated probably hundreds of times: Your network, your  
decision.  I have yet to hear a credible argument against that  
stance.  What you do _inside_ your network is _your_ decision.  When  
it leaves your network, however, things change.

Announcing an ASN which is not yours to eBGP peers means it is leaving  
your network, which means it is not just your business.  Doing so and  
then telling the ASN owner that they should not worry about it  
afterwards - and in fact arguing when the owner repeatedly tells you  
this caused them problems - does not seem to be the proper course of  
action.


I mentioned earlier in the thread if Cogent prepending Sprint's ASN to  
Verio, people would react differently.  Randy said tools can be used  
for good or bad, obviously implying he's the good guy.  He is not the  
good guy.  He used someone else's resources without their permission  
and without even notifying them, costing them time & effort.  Randy  
doesn't get to decide if the ASN owner should have alerted or  
investigated  or whatever, and neither do any of you unless it is your  
ASN.

How can anyone seriously argue the ASN owner is somehow wrong and keep  
a straight face?  How can anyone else who actually runs a network not  
see that as ridiculous?

--
TTFN,
patrick