nanog mailing list archives

Re: "Tactical" /24 announcements


From: William Herrin <bill () herrin us>
Date: Mon, 16 Aug 2021 09:05:53 -0700

On Mon, Aug 16, 2021 at 7:10 AM Jason Pope <boards188 () gmail com> wrote:

On Thu, Aug 12, 2021 at 9:41 AM Hank Nussbacher <hank () interall co il> wrote:
How does this break the Internet?

A originates 10.0.0.0/16 to paid transit C
B originates 10.0.1.0/24 also to paid transit C
C offers both routes to D. D discards 10.0.1.0/24 from the RIB based
on same-next-hop
You peer with A and D. You receive only 10.0.0.0/16 since A doesn't
originate 10.0.1.0/24 and D has discarded it.
You send packets for 10.0.1.0/24 to A (the shortest path for
10.0.0.0/16), stealing A's paid transit to C to get to B.
Unless A filters C-bound packets purportedly from 10.0.1.0/24. B
doesn't currently transit for A so from B's perspective that's not an
allowed path. In which case, your path to 10.0.1.0/24 is black holed.

D broke the Internet. If packets from you reach A at all, they do so
through an unpermitted path.

Ok, I apologize, but I have some dumb questions (because I don't BGP anymore):

1) I assume in the scenario that A "owns" (ARIN assignment) 10.0.0.0/16 and if B has a /24 assignment out of the 
block that A "owns", shouldn't that mean that B has a business relationship with A and some kind of direct 
connectivity to A?

Hi Jason,

Not necessarily. It isn't modern practice but as others have pointed
out there have been instances where a customer took an ISP-assigned
block with them when they left.

3) If "yes", then the connectivity wouldn't be broken, right?

Not necessarily. You have to consider the route in -all- of the states
it can be in, including the one where they're not, at this moment,
successfully connected to the ISP which assigned the addresses. I
offered a scenario in a prior post where the ISP's peering router
carries only locally-originated and customer routes. When the customer
loses their connection to the ISP (e.g. cable cut) their route
disappears from the peering router. The users of the ISP can still
reach it via the origin's alternate Internet connection.

Reciprocal peers of the ISP can also reach it via the broader Internet
but can't reach it via the peering connection to the ISP to whom the
origin is not currently connected. If they filter the Internet route,
the path ends up going to the ISP's peering router where it's black
holed.

Regards,
Bill Herrin



-- 
William Herrin
bill () herrin us
https://bill.herrin.us/
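
The A/B/C/D scenario quoted at the top of this message, modeled as an added example that is not part of the original post. It compares your forwarding decision for a 10.0.1.0/24 address when D keeps the more-specific and when D discards it on same-next-hop. The AS letters are the ones used in the post; shortest-AS-path selection, the route tables and the sample address 10.0.1.5 are constructed assumptions.

```python
import ipaddress

NET = ipaddress.ip_network

# Constructed routes, as D learns them from transit C: prefix -> (next hop, AS path)
D_FROM_C = {
    NET("10.0.0.0/16"): ("C", ["C", "A"]),
    NET("10.0.1.0/24"): ("C", ["C", "B"]),
}
# The only route A gives its peer: its own aggregate.
YOU_FROM_A = {NET("10.0.0.0/16"): ["A"]}

def drop_same_next_hop(rib):
    """D's filter: discard a more-specific whose next hop matches a covering route's."""
    def covered(p, nh):
        return any(p != q and p.subnet_of(q) and nh == qnh
                   for q, (qnh, _) in rib.items())
    return {p: v for p, v in rib.items() if not covered(p, v[0])}

def your_table(d_rib):
    """Per prefix, keep the shortest AS path among what A and D offer you."""
    offers = {}
    for prefix, path in YOU_FROM_A.items():
        offers.setdefault(prefix, []).append(path)
    for prefix, (_, path) in d_rib.items():
        offers.setdefault(prefix, []).append(["D"] + path)
    return {p: min(paths, key=len) for p, paths in offers.items()}

def forward(table, dst):
    """Longest-prefix match; returns (matched prefix, AS path)."""
    addr = ipaddress.ip_address(dst)
    best = max((p for p in table if addr in p), key=lambda p: p.prefixlen)
    return str(best), table[best]

def compare(dst="10.0.1.5"):
    return {
        "D keeps /24": forward(your_table(D_FROM_C), dst),
        "D drops /24": forward(your_table(drop_same_next_hop(D_FROM_C)), dst),
    }

if __name__ == "__main__":
    for case, (prefix, path) in compare().items():
        print(f"{case}: matched {prefix}, path {' -> '.join(path)}")
```

With the /24 discarded at D, the only match left is A's /16, so the packet is handed to A, which is not the origin of 10.0.1.0/24.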

