North American Network Operators Group


Re: Has PSI been assigned network 1?

  • From: Karl Denninger, MCSNet
  • Date: Fri Apr 21 21:21:43 1995

> Karl, you obviously do not understand what global networking
> and policy routing mean.

Nonsense.  You obviously do not understand what providing robust
connectivity means.

> Right today we nearly killed all Internet by _not_ doing
> paranoid filtering on ANS route announcements (well we
> couldn't do it because of certain contractual obligations).
> 
> ANS had trouble with generating configuration for ENSS 147,
> so they simply dropped all routes at our MAE-East+ box
> without filtering they usually do,  which would be fine if we
> didn't do some upgrades at ICM, which involved changing
> preferences in ICM-SL routing, to the effect that SL started
> preferring AS 690 as path to many European networks. It resulted
> in SprintLink -> Europe traffic being moved from SL->ICM FDDI
> connection to SL->ENSS(147)->ANS core->Dante path; which at
> the daytime grew and turned out to be enough to overload ENSSes
> along the path.

Sorry, no.  You broke this by doing your own "upgrades" as well.  Fact is,
if someone starts flapping badly at you, and they announce many paths 
(ie: a significant CPU load is presented by this) you're screwed no matter
HOW MUCH you filter.  The equipment available today is designed foolishly --
route update processing and actual packet processing should NEVER be done by
the same CPU -- but it is -- and as such you're dead when this happens.

That cannot be avoided by being a fascist.  However, what you can do is make
sure that backup paths don't work at all when things break, and in some
cases you can make sure that you can't reach certain prefixes at all, when
there is a perfectly valid path being announced to you.  In some of these
cases of "backhoe fade" and even software failure connectivity has been 
impacted when it SHOULD NOT HAVE BEEN by this policy of yours.

Filtering only serves to violate the premise of BGP4 and routing in general - 
that the metrics and route weights will guide a packet to the most expeditious
path.  When you remove some of those choices, you second-guess the physical 
realities of the time.

What you're doing here is *removing* choices.  This is bad.  Making certain
choices <less desirable> is good, and is how you should get packet loads
and traffic shares to go where you want.  But removing some paths from
consideration entirely by pretending they don't exist when in fact they do
serves to violate the integrity of the net as a whole.

> Sorry, Karl.  Internet is lucky that people who run most big networks
> know better than to wait for shit to happen.  In the system as large
> as Internet shit happens permanently.  Somewhere, in the most
> unexpected places.

Yep.  So?  You wish to argue with the fact that people do silly, stupid,
inept and sometimes even malicious things?  No argument.

Your solution is to lock everyone up BEFORE they do something bad?  This 
has to tie in with a political philosophy somewhere....

> If you persist in your dislike of filtering i guess i'll purely
> accidentally misconfigure a static route, so it will be the same
> as your backbone address.  RS won't save you.
> 
> This is a joke, of course.
> 
> --vadim

--
Karl Denninger ([email protected])| MCSNet - The Finest Internet Connectivity
Modem: [+1 312 248-0900]     | (shell, PPP, SLIP, leased) in Chicagoland
Voice: [+1 312 248-8649]     | 7 POPs online through Chicago, all 28.8
Fax: [+1 312 248-9865]       | Email to "[email protected]" for more information
ISDN: Surf at Smokin' Speed  | WWW: http://www.mcs.net, gopher: gopher.mcs.net
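
The distinction the message above draws between removing a path and making it less desirable, as an added example that is not part of the original post: a simplified best-path selection (highest local preference, then shortest AS path) run with the primary path up and then withdrawn. The prefix, AS numbers, neighbor names and preference values are constructed for illustration.

```python
from dataclasses import dataclass, replace

PREFIX = "192.0.2.0/24"  # constructed documentation prefix


@dataclass(frozen=True)
class Route:
    prefix: str
    neighbor: str        # hypothetical peer label
    as_path: tuple       # constructed private-use AS numbers
    local_pref: int = 100


def apply_policy(routes, neighbor, mode):
    """Import policy for routes learned from `neighbor`:
    'filter' discards them, 'depref' keeps them at a lower local preference."""
    if mode not in ("filter", "depref"):
        raise ValueError(f"unknown policy mode: {mode}")
    accepted = []
    for r in routes:
        if r.neighbor != neighbor:
            accepted.append(r)
        elif mode == "depref":
            accepted.append(replace(r, local_pref=50))
        # mode == "filter": the route never enters the table
    return accepted


def best_path(routes, prefix):
    """Simplified decision process: highest local_pref, then shortest AS path."""
    candidates = [r for r in routes if r.prefix == prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.local_pref, -len(r.as_path)))


def scenario(mode, primary_up):
    """Return the neighbor chosen for PREFIX, or None if it is unreachable."""
    # The backup neighbor always announces a valid, shorter path.
    announced = [Route(PREFIX, "backup", (64501, 64510))]
    if primary_up:
        announced.append(Route(PREFIX, "primary", (64500, 64502, 64510)))
    best = best_path(apply_policy(announced, "backup", mode), PREFIX)
    return best.neighbor if best else None


if __name__ == "__main__":
    for mode in ("filter", "depref"):
        for primary_up in (True, False):
            print(f"{mode:7} primary_up={primary_up}: {scenario(mode, primary_up)}")
```

Both policies keep traffic on the primary while it is up; they differ only once the primary announcement is withdrawn.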