North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Has PSI been assigned network 11111111?

  • From: Paul A Vixie
  • Date: Mon Apr 24 03:11:28 1995

"Be liberal in what you accept..."

NOT.

Not when it comes to routes.  Announcement ACL's have to be explicit or
we are all in for a world of hurt.  At CIX I'm doing it with just ASpath
info but it really has to be route by route, which means something like
the old Merit way of having each netblock specify its route preferences
in some kind of global delegated database that we can each gen our ACL's
from.  In all the hoopla for and against route servers, we seem to have
lost sight of the fact that distributed rwhois (distributed along CIDR
lines) for netblocks would be a fine way for all of us to stay in sync.
I know several NSP's who do this more or less by hand and it's hellish.

When I ran 16.0.0.0/8's IGP, I used explicit ACL's.  My exterior peers
(you know who you are) used explicit ACL's to protect themselves against
me, too, and it was a good thing since I periodically sent them a default
route or some other leaking icky thing and it was good for me to get a
single phone call from my BGP saying "hey, cut that out you idiot" than
to get 250,000 phone calls from everybody in the universe asking "why are
you doing this to me?"

As my favorite WG chair likes to ask me, "can we try and remember what
it was we were arguing about?"  We are not all of a like mind with respect
to the RS, but is the RA so bad if it lets each NSP (and many multihomed
ISP's) gen up their local ACL's in a way that respects the wishes of a
netblock's owner?  So what if the RS people also use it -- if you don't
want to peer with an RS, then don't ("what if they threw a party and nobody
came?")  Do we also/still need to argue about whether the RA data itself 
ought to be kept?