North American Network Operators Group
Re: Has PSI been assigned network 11111111?
"Be liberal in what you accept..." NOT. Not when it comes to routes. Announcement ACL's have to be explicit or we are all in for a world of hurt. At CIX I'm doing it with just ASpath info but it really has to be route by route, which means something like the old Merit way of having each netblock specify its route preferences in some kind of global delegated database that we can each gen our ACL's from. In all the hoopla for and against route servers, we seem to have lost sight of the fact that distributed rwhois (distributed along CIDR lines) for netblocks would be a fine way for all of us to stay in sync. I know several NSP's who do this more or less by hand and it's hellish.

When I ran 220.127.116.11/8's IGP, I used explicit ACL's. My exterior peers (you know who you are) used explicit ACL's to protect themselves against me, too, and it was a good thing since I periodically sent them a default route or some other leaking icky thing and it was better for me to get a single phone call from my BGP saying "hey, cut that out you idiot" than to get 250,000 phone calls from everybody in the universe asking "why are you doing this to me?"

As my favorite WG chair likes to ask me, "can we try and remember what it was we were arguing about?" We are not all of a like mind with respect to the RS, but is the RA so bad if it lets each NSP (and many multihomed ISP's) gen up their local ACL's in a way that respects the wishes of a netblock's owner? So what if the RS people also use it -- if you don't want to peer with an RS, then don't ("what if they threw a party and nobody came?") Do we also/still need to argue about whether the RA data itself ought to be kept?
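
Editor's added example, not part of the original message or any registry's own tooling: a sketch of generating an explicit, route-by-route announcement ACL for one peer from a shared registry and applying it to incoming announcements. The RPSL-style `route:`/`origin:` records, the documentation prefixes, the private-use AS numbers and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample registry data (assumed RPSL-style route objects).
REGISTRY = """\
route:  192.0.2.0/24
origin: AS64500

route:  198.51.100.0/24
origin: AS64500

route:  203.0.113.0/24
origin: AS64501
"""

def parse_route_objects(text):
    """Return {origin_asn: set(ip_network)} from blank-line-separated objects."""
    table = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs[key.strip()] = value.strip()
        if "route" in attrs and "origin" in attrs:
            asn = int(attrs["origin"][2:])  # drop the leading "AS"
            table.setdefault(asn, set()).add(ipaddress.ip_network(attrs["route"]))
    return table

def build_acl(table, peer_asns):
    """Explicit allow list for one peer: only prefixes registered to its ASNs."""
    return {(net, asn) for asn in peer_asns for net in table.get(asn, ())}

def accept(acl, prefix, as_path):
    """Accept only an exact (prefix, origin AS) match; anything else is denied."""
    if not as_path:
        return False
    return (ipaddress.ip_network(prefix), as_path[-1]) in acl

def filter_announcements(acl, announcements):
    """Split announcements into (accepted, rejected) lists of prefixes."""
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        (accepted if accept(acl, prefix, as_path) else rejected).append(prefix)
    return accepted, rejected

# Constructed announcements from a peer that is AS64500.
SAMPLE = [
    ("192.0.2.0/24", [64500]),     # registered to the peer
    ("0.0.0.0/0", [64500]),        # leaked default route
    ("203.0.113.0/24", [64500]),   # registered to a different origin
    ("192.0.2.0/25", [64500]),     # unregistered more-specific
]
```

Because the ACL holds exact (prefix, origin) pairs with an implicit deny, the leaked default route and the unregistered more-specific are dropped at the peering edge instead of propagating.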