North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Sprint's filtering

  • From: I Am Not An Isp
  • Date: Wed Oct 07 19:12:37 1998

At 06:59 AM 10/7/98 -0700, Sean M. Doran wrote:
>Michael Dillon wrote:
>
>| The policies that once were technical policies instituted
>| by Sean Doran are no longer technical policies but a crass manipulation of
>| the marketplace to Sprint's advantage as the archives of this list prove
>| quite amply.
>
>Hello, my name is Sean Doran.

Howdy Sean.  Long time no see. :p

>The reality you seem to forget is that Sprint's holding the line
>on filtering has been holding the number of prefixes being seen
>globally to a conveniently small number.

While this *may* have been true in circa 1995, there is little to no
evidence that 112 is still performing the same service.  If you want a
"technical" argument, Sean, stick to the *facts*, not your assumptions.  To
be blunt, it is impossible to tell what would really have happened had
those filters not been in place for the last few years.  Or are you going
to claim some Carnak like powers to predict what a system as large and
complex as the Internet would do without your sage guidance over a period
of years?

Unfortunately, about the only way to "test" it is to take the filters off.
Fortunately, most providers out there ignore Sprint's filters because an
aggregate is being announced by their upstream and they'll get the packets
eventually.

Personally, I think a far larger gain could be made by searching out all
the people who are announce sub-blocks of their own CIDR from their own
ASN.  While doing this can provide some utility to your peers (e.g. more
accurate MEDs), the overwhelming majority of people announcing a
sub-section of their own CIDR are doing it ... by accident.  (At least I
hope it is by accident. :)  Add to that some aggregation effort (two /18s
into one /17, etc.) and the table would probably shrink quite a bit more
than under the effect of Sprint's filters.  Of course, that's just my
opinion. :-)

The good thing is, the amount of shrinkage from my suggestion can be
calculated fairly easily.  Mr. Rand at Above.Net once ran a script which
showed such calculations and there are things like the CIDR report which
show large amounts of deaggregation by some large providers.  (I seem to
recall one of Sprint's networks being pretty hi up on that list until
recently. :)  Perhaps we should spend some time LARTing those who do not
aggregate properly?

>Just as the several networks who refuse to listen to announcements
>of address space not delegated by the IP registries -- or recorded
>in routing registries as associated with the origin AS --
>Sprint's filtering has done some public good as a side-effect of
>intelligent self-defensive design.
>
>A denial of that is merely petty politicking, rather than anything
>actually rooted in technical issues.

[SNIP]

Actually, Sprint's policy is partially motivated by "politicking" - or at
least by capitalistic goals.  Since you have personally admitted this to my
face, and Sprint's management has said as much in private e-mail, I think
you calm down on the name calling.

If Sprint were *truly* out for the "good of the Internet", then they would
filter their downstreams the same way they filter their peers.  But for
some unknown reason, I see all kinds of small blocks coming out of Sprint.
For instance:

*>i136.150.45.0/24  X.X.X.X              169    100      0 1239 1785 i
*>i136.150.46.0/24  X.X.X.X              169    100      0 1239 1785 i
*>i136.150.60.0/24  X.X.X.X              169    100      0 1239 1785 i
[...]
*>i168.167.25.0/24  X.X.X.X              169    100      0 1239 4005 ?
*>i168.167.26.0/24  X.X.X.X              169    100      0 1239 4005 ?
*>i168.167.27.0/24  X.X.X.X              169    100      0 1239 4005 ?
*>i168.167.28.0/24  X.X.X.X              169    100      0 1239 4005 ?
[...]
*>i208.14.160.0     X.X.X.X              169    100      0 1239 4997 i
*>i208.14.161.0     X.X.X.X              169    100      0 1239 4997 i
* i208.14.162.0     X.X.X.X              189    100      0 1239 4997 i
*>i208.14.163.0     X.X.X.X              169    100      0 1239 4997 i
[...]

(I've obviously edited it a bit, but it's easy enough for anyone here to
check this information at any of the public route servers.)

So Sprint obviously has some agenda besides "the good of the Internet" or
"the size of the table".  Or they at least realize some benifit, financial
or otherwise, from not practicing what they preach.

Now please don't flame me saying Sprint can do as it pleases.  I completely
agree that Sprint is allowed to filter whomever they want whenever they
want.  (As long as the filters don't break any contracts, etc.)  If a
customer doesn't like it, they can move.  I just have a problem with Sprint
saying "we're here to save the Internet" and then doing *exactly* what they
claim others should not be doing.  Hypocrisy annoys me.

Of course, publicly Sprint blames this on their peers.  You see, they say
their peers should filter Sprint the same way Sprint filters their peers.
So, let's take them up on it.  If you honestly believe Sprint is getting
some advantage out of filtering you, then FILTER THEM BACK.  But be sure to
only filter Sprint. :p

If everyone - or even just a couple really big providers - did this, Sprint
would suddenly lose its "advantage".  All those people who bought a T1 into
Sprint so their /24 would be seen globally will be pretty upset when it was
not being seen by, say, UUNET.

Unfortunately, the large backbones don't have the ... backbone to do this.
(Sorry about the pun, I couldn't resist. :)  It's really a shame.  Sprint
is no longer even close to the largest backbone out there, so people don't
have to bow and scrape at their whim.  But they've already taken the heat
for instituting filters, and no one else wants to do the same.  (I gotta
admit, Sean, it took balls to do that - even if you were the biggest back
then.)

Anyway, I'll prolly get flamed for this by all kinds of people saying "of
COURSE the table would be out of control without Sprint's help!"  But
that's okay, I'm used to flames.  Sean's own evidence didn't show me
anything I would call even close to "proof" that 112 is saving the
Internet, so anyone just "claiming to know" 'cause they have been around
longer than me, or they run this network, or they work for this vendor, or
even they are psychic probably isn't going to sway me.  Unsubstantiated
claims are worthless.  OTOH, if you have some *facts* to present, please
feel free to send them my way.

>	Sean.

TTFN,
patrick