|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: /24s run amuck
> > Deaggregation is at an all time high, I have raised this > publically in some forums and IXP ops lists. Response is > poor, action is non-existent. > > The only way I can see to do anything about this is for > upstreams to educate their customers and others to pressure > their peers. > > Two primary reasons are given, one is for traffic engineering > purposes to either control the ingress of traffic or to allow > a network to function with critical links down and the other > is to allow blocks to be dropped to mitigate the effects of a > DDoS, I dont believe either justify the deaggregation of > large aggregates into Nx/24s Shared belief: some reasonably small subset potentially functionally justified/relevant, majority unlikely so. > and that a large driver is to > make your network look larger than it is... > What audience?? mh > Steve > > On Sat, 10 Jan 2004, Richard A Steenbergen wrote: > > > Ok, I realized I haven't done one of these since 2001, so it's time > > for an updated list of /24 polluters. With /24s accounting for over > > 50% (more than 71k) of the announcements on the Internet, it seems > > reasonable to try and take a look at why there are so many. > > > > One of the patterns which quickly becomes evident is the > announcing of > > "almost all" of a larger block, but with enough gaps that > traditional > > scripts which look for CIDR aggregation can miss it. For example, > > someone who owns a /16 and announces it as 250 /24s might > not show up > > in other CIDR aggregation scripts because of the missing 5 > /24s, or if > > 1 of the /24s has a different AS Path. > > > > So, solely for the purpose of looking for this pattern, I > have written > > a script which counts the number of /24s announced within a /16 (an > > admittedly arbitrary range, but one which happens to work) with a > > consistant AS Path, and sorts by the highest count. This of course > > doesn't mean for certain that the netblock listed doesn't > have a good > > reason for their deaggregation, but odds are they don't or could > > otherwise take steps to limit announcement to the general internet > > (for example a cable modem provider with 250 individual routes /24s > > but only a single upstream provider, who could announce a > /16 globally > > and use no-export on the more specifics). > > > > This is done from the point of view of a Global Crossing (AS3549) > > transit feed, so things may look slightly different fromy > our corner > > of the Internet. You have been warned. > > > > A summary of the top 250 netblocks by count: > > > > http://www.e-gerbil.net/ras/projects/ipaddr/24summary > > > > Detailed list of the netblocks and AS Path by count: > > > > http://www.e-gerbil.net/ras/projects/ipaddr/24dump > > > > A sorted list of the origin ASs contributing the /24s in > the above lists: > > > > http://www.e-gerbil.net/ras/projects/ipaddr/24asn > > > > If you are on the list or know someone who is, please > encourage them > > to take steps to clean up their act. You may now return to your > > regularly scheduled complaining about Verisign. > > > > > > >
|