North American Network Operators Group
Re: Has PSI been assigned network 1?
> > Filtering only serves to violate the premise of BGP4 and routing in general -
> > that the metrics and route weights will guide a packet to the most expeditious
> > path. When you remove some of those choices, you second-guess the physical
> > realities of the time.
> >
>
> Filtering does not violate any premise in BGP4. BGP4 was
> designed to allow the assignment of administrative weights.
> That is to say, POLICY. And I happen to believe not accepting a
> route for 204.68.252/24 from someone who is not authorized to
> route the associated ASes is a good policy. If someone
> announced a route to NET99 that was not authorized then ANS
> would ignore that route, and you would still have connectivity
> through us. Only the customers of the ISP who misconfigured his
> equipment, and anyone uninformed enough to accept routes from
> him, would lose out.

Ok, Larry, let me ask the $10,000 question: If I announce 204.137.64/20 to you, how do you know if I am authorized to do so or not?

The answer is, absent something LIKE a NACR (ie: RR, RA, etc) you don't. So now, if you *don't know*, do you take it or don't you?

I'm not arguing against NACRs and RAs. In fact, just the opposite. If you're going to filter, and I understand that it can serve a purpose, then you *MUST* trust some authoritative source, and that source must have the information to make the decision.

Saying "I'll accept anything from the netblocks I gave this ISP, and nothing more" is baloney. A transit provider has NO IDEA what routes you, as an ISP, are authorized to route or who your customers are. My business arrangements and their details are none of anyone else's business, just like I have no business knowing what kind of deal ANS cut with some other provider. Yet if ANS announces to me a prefix at some public peering point, there should be some way for me to determine if it is or is not a legit announcement.

All that transit provider needs to know is what you register as announceable via your AS, and that the delegate(s) of those address prefixes agree that you can reach them. That's a function that both NACRs and RAs serve.

Filtering *without* that information is time-consuming and serves to break connectivity.

Vadim has argued *vehemently* against trusting any neutral, exterior source of this information, like a route server.

> But the resulting connectivity is, IMHO, more robust than, to
> borrow a metaphor, having promiscuous sessions with all your
> peers and praying you don't get the 'black hole',
>
> Larry Plato
> ANS Network Operations

You and I aren't disagreeing here. What I disagree with is filtering *without* using something that serves as a table of authorities on who can reach what.

--
Karl Denninger ([email protected])| MCSNet - The Finest Internet Connectivity
Modem: [+1 312 248-0900]     | (shell, PPP, SLIP, leased) in Chicagoland
Voice: [+1 312 248-8649]     | 7 POPs online through Chicago, all 28.8
Fax:   [+1 312 248-9865]     | Email to "[email protected]" for more information
ISDN: Surf at Smokin' Speed  | WWW: http://www.mcs.net, gopher: gopher.mcs.net
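
Added example, not part of the original message and not code from any NACR or RA tooling: the filtering decision discussed in this thread, made against a table of who may announce what, including the "don't know" case. The registry contents, the AS numbers (documentation range) and all function names are assumptions made for illustration; the two 204.x prefixes are the ones quoted in the thread.

```python
import ipaddress

# Constructed registry standing in for a NACR/RR/RA-style source:
# (registered prefix, AS allowed to announce it). The AS numbers are from
# the documentation range and are not the real holders of these prefixes.
REGISTRY = [
    ("204.137.64.0/20", 64500),
    ("204.68.252.0/24", 64501),
]

def parse_prefix(text):
    """Parse a prefix, accepting the short form used in the thread (204.68.252/24)."""
    addr, _, length = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + length)

def classify(prefix, announcing_as, registry=REGISTRY):
    """Return 'authorized', 'unauthorized' or 'unknown' for one announcement."""
    net = parse_prefix(prefix)
    # Assumption: a registration also covers more-specifics of the prefix.
    holders = {asn for p, asn in registry
               if net.subnet_of(ipaddress.ip_network(p))}
    if not holders:
        return "unknown"          # nothing registered: the filter cannot tell
    return "authorized" if announcing_as in holders else "unauthorized"

def accept(prefix, announcing_as, drop_unknown, registry=REGISTRY):
    """Filter decision. drop_unknown is the policy choice the message asks about."""
    verdict = classify(prefix, announcing_as, registry)
    if verdict == "unknown":
        return not drop_unknown
    return verdict == "authorized"

if __name__ == "__main__":
    for prefix, asn in [("204.137.64/20", 64500), ("204.68.252/24", 64500),
                        ("198.51.100/24", 64500)]:
        print(prefix, "AS%d" % asn, classify(prefix, asn),
              "strict:", accept(prefix, asn, True),
              "permissive:", accept(prefix, asn, False))
```

With an empty registry every announcement classifies as "unknown", so the filter either drops everything or accepts everything.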