|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Has PSI been assigned network 1?
Karl, you obviously do not understand what global networking and policy routing mean. Right today we nearly killed all Internet by _not_ doing paranoid filtering on ANS route announcements (well we couldn't do it because of certain contractual obligations). ANS had trouble with generating configuration for ENSS 147, so they simply dropped all routes at our MAE-East+ box without filtering they usually do, which would be fine if we didn't do some upgrades at ICM, which involved changing preferences in ICM-SL routing, to the effect that SL started preferring AS 690 as path to many European networks. It resulted in SprintLink -> Europe traffic being moved from SL->ICM FDDI connection to SL->ENSS(147)->ANS core->Dante path; which at the daytime grew and turned out be enough to overload ENSSes along the path. This resulted in ENSS 147 delaying BGP keealives for so long that MAE-E peers (including SprintLink) were dropping their BGP sessions, only to reset them later. Since that causes route caches being flushed all _other_ ciscos were falling back to switching by CPU, became overloaded and started dropping their BGP sessions. Which resulted in snowball of real massive routing flap. I imagine how Internet would work if everybody listened to the enlightened advice of our esteemed sage: >Fascistic filtering breaks connectivity. > >So you trade a *risk* of broken connectivity for KNOWN broken connectivity? > >Sounds like a poor trade to me, and one which, undertaken consciously and >with knowledge of the repercussions, leaves you with being less than a full >Internet connectivity provider. > >After all, if you're filtering perfectly valid announcements then you are, >by definition, not providing connectivity to the "whole Internet" to the >best of your ability, are you? Sorry, Karl. Internet is lucky that people who run most big networks know better than to wait for shit to happen. In the system as large as Internet shit happens permanently. Somewhere, in the most unxpected places. If you persist in your dislike of filtering i guess i'll purely accidentally misconfigure a static route, so it will be the the same as your backbone address. RS won't save you. This is a joke, of course. --vadim
|