|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical [Fwd: Re: Peering LSR Violation]
-------- Original Message -------- Subject: Re: Peering LSR Violation Date: Fri, 29 Jun 2001 11:07:58 -0700 From: Doug Junkins <[email protected]> To: Rick Irving <[email protected]> CC: Dorian Kim <[email protected]>, [email protected], [email protected] References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> Rick, Please accept this as 30-days notice that Verio will turn down peering with OneCall unless LSR is permanently enabled on on the peering routers that border Verio. I'm sorry if your interpretation of the requirement in our peering policy is different than ours, but the following clause is clear: Verio reserves the right to not peer with anyone as Verio sees fit and to terminate any peering at any time with 30 days notice. Warm Regards, -Doug Junkins VP, IP Engineering Verio, Inc. On Fri, Jun 29, 2001 at 12:54:46PM -0500, Rick Irving wrote: > Dorian Kim wrote: > > > > On Thu, Jun 28, 2001 at 02:33:28PM -0500, Rick Irving wrote: > > > Rather than tell me -your- conclusion, why don't you tell > > > me what you are trying to achieve ? > > > > LSR is an important tool for us, both for diagnostics and for verification > > of certain peer checks. > > This is a generic smoke screen, I need specifics. > > There aren't many things LSR provides that cannot be provided in > another fashion, with cooperation. > > And, FWIW, with less security risks. > > www.onecall.net has interior -traceroute- pages to provide the > probable services you are attempting to acquire. (See diagnostics) > > > > > "Verio requires that peers permit LSR, loose source routing, at least > > > > at the routers bordering the peering." > > FWIW, we -do- permit LSR.... We turn -on- LSR by request.... > then turn it -off- , when the diagnostic phase is complete. > My NOC -is- staffed 24x7 to respond to such needs. > > Otherwise, LSR is inherently too insecure to -leave- enabled, > so we have to permit it on a case-by-case, instance by instance, > basis. > > > This has also been an explicit part of our peering > > policy as long as Verio has had a peering policy. > > Randy Bush also thought the best solution to bandwidth and > routing > was to buy MCI, UU, and SPRINT instead of peering, at one time. > > You know, in -his- case he may have been right. ;) > > (Just kidding, Randy... smile. :) > > However, We all learn. > > Like I said, perhaps you should tell me your goals, > rather than your conclusion. I think we could plumb > an appropriate solution. > > BTW: In addition to the Record Route header options you appear to > desire, > I'll leave you with Cisco's enigmatic LSR definition: > > ================================================================================= > Loose Source Routing > Allows you to specify a list of nodes that must be traversed when > going to the > destination. > ================================================================================= > > > > We are simply attempt to get you to turn on LSR at the border routers > > as you've agreed to when you agreed to our peering policy. > > We will. > > Please schedule a time, and limited duration, that a tech on my > side > can work with a tech on your side, so we can assist you in running > your diagnostics. > > Thanks in advance. > > > > > Regards, > > > > -dorian > > > > > You are aware that Loose Source Routing is a security risk, correct > > > ? > > > > > > Or, are you simply trying to "record route", and can't get something > > > back > > > ... And your response is to "Inform me" of your policy? > > > > > > > > > Teri Francis wrote: > > > > > > > > Onecall is currently in violation of Verio's peering agreement. Under > > > > the "Technical Policy" section of our peering agreement it states, > > > > > > > > "Verio requires that peers permit LSR, loose source routing, at least > > > > at the routers bordering the peering." > > > > > > > > Please enable LSR on the routers we are peering with. > > > > > > > > Our peering policy has also been updated. Please acknowledge your receipt > > > > of this agreement and your compliance of the policy. Please also include the > > > > entire text of the agreement in your reply. > > > > > > > > This notice will serve as a 30 day notice to depeer should we not > > > > receive a response from you. > > > > > > > > Regards, > > > > > > > > Verio Peering > > > > > > > > ----Verio Peering agreement----- > > > > > > > > Technical : for all trouble and problems with established peers > > > > Problems [email protected] +1 888 598-3746 or +1 214 290-8545 > > > > > > > > Abuse/SPAM : SPAM and similar abuses > > > > [email protected] > > > > > > > > Security : for all other security-related issues > > > > [email protected] > > > > > > > > Peering : for negotiations of changes in peering points etc > > > > [email protected] > > > > do NOT send to this address for technical problems with > > > > existing circuits > > > > > > > > --- > > > > > > > > AS : 2914 > > > > AS-macro : AS-VERIO > > > > Equinix-Ashburn : 206.223.115.12 r00.asbnva01 GigE > > > > MAE-East : 192.41.177.121 r00.mclnva01 Vienna FDDI [0] > > > > 192.41.177.196 r01.mclnva01 Vienna FDDI [0] > > > > 198.32.187.223 r00.mclnva01 VPI/VCI:0/323 aal5snap [1] > > > > CID: 0281b81b0052 > > > > MAE-West : 198.32.136.80 r00.snjsca01 San Jose FDDI [2] > > > > 198.32.136.126 r01.snjsca01 San Jose FDDI [2] > > > > 198.32.200.80 r00.snjsca01 VPI/VCI:0/107 aal5snap [1] > > > > CID: wz898473ip80 > > > > NASA-Ames : 198.32.136.89 r00.mtvwca02 Sunnyvale FDDI [2] > > > > PAIX : 198.32.176.14 r06.plalca01 GigE > > > > 198.32.176.47 r05.plalca01 GigE > > > > AADS : 206.220.243.34 r00.chcgil01 VPI/VCI:3/40 aal5snap > > > > LINX : 195.66.224.138 r00.londen02 100baseT [3] > > > > 195.66.224.139 r01.londen02 100baseT [3] > > > > Xchangepoint UK : 217.79.160.10 r00.londen02 GigE [3] > > > > 217.79.161.10 r01.londen02 GigE [3] > > > > > > > > [0] - Due to the impending terminatation of FDDI services at MAE-East, > > > > Verio is not adding new peers to our FDDI connections. > > > > > > > > [1] - Verio is only provisioning AAL5 best-effort PVCs via WorldCom's > > > > Peermaker for MAE-ATM. No guaranteed bandwidth PVCs will be > > > > accepted. > > > > > > > > [2] - Please peer with MFS-West or Ames only in the same location. Do not > > > > use the overburdened inter-site links. > > > > > > > > [3] - Verio is currently testing prefix filtering based on IRR entries on > > > > our LINX and Xchangepoint connections. You will need to provide > > > > Verio the name of your AS-set in the IRR that descibes the set of > > > > routes you will be announcing. Verio currently accepts the following > > > > route registries: RADB, RIPE, ALTDB, ARCSTAR and CW[4]. > > > > Peering filters will be updated each day automatically at 0100 UTC and > > > > loaded on the routers at 0400 UTC. Contact [email protected] for > > > > technical > > > > problems with prefix filters. These prefix filters do not replace or > > > > supercede our normal peering filters as described at: > > > > > > > > "http://info.us.bb.verio.net/routing.html#PeerFilter";. > > > > > > > > [4] - Please note that due to problems mirroring RIPE 181 database, we are > > > > likely to phase out support for CW routing registry in the next few > > > > months unless CW upgrades their routing registry to be RPSL compliant > > > > and improves their reliability. > > > > > > > > --- > > > > > > > > To initiate peering, you need to send email agreeing to the following: > > > > > > > > General policy for public peering > > > > > > > > The Verio backbone peers with other transit ISPs, and only at the global > > > > exchange points to which the Verio backbone is connected. > > > > > > > > Verio does not peer with any ISP which is a Verio transit customer. > > > > > > > > In the United States, peering must be at least on both coasts, or one > > > > coast and Europe, with the peer having sufficient connectivity between > > > > points to support closest exit routing. > > > > > > > > In Europe, one peering is sufficient for now. Verio may choose to > > > > announce the same routes in Europe as the States, but Verio reserves the > > > > right to announce only that subset of our routes which are local. Of > > > > course, peer may choose to do either. > > > > > > > > Peer agrees to peer locally with Verio at any non-US peering points at > > > > which both appear. > > > > > > > > Peer is responsible for keeping Verio informed of their current contact > > > > information. Please send infomation and updates to: > > > > [email protected] > > > > [email protected] > > > > > > > > Technical Policy: > > > > > > > > Verio requires all BGP sessions have MD5 signature configured. > > > > > > > > Verio requires that peers permit LSR, loose source routing, at least at > > > > the routers bordering the peering. > > > > > > > > Verio requires that peers announce the same routing policy at all points > > > > where they peer with Verio. > > > > > > > > Peers are encouraged to, have NOCs with email addresses, phone numbers, > > > > and 24x7 coverage. > > > > > > > > Peers must agree to actively cooperate chasing security violations, > > > > denial of service attacks, and similar incidents. > > > > > > > > Peers must agree to actively respond to all technical issues within 48 > > > > hours. Non-response may result in depeering and other attention-getting > > > > mechanisms. > > > > > > > > Peers must not abuse the peering relationship by doing any of the > > > > following non exhaustive list: pointing default, resetting next hop, > > > > selling or giving next hop to others, etc. > > > > > > > > Verio reserves the right to not peer with anyone as Verio sees fit and > > > > to terminate any peering at any time with 30 days notice. > > > > > > > > Verio reserves the right to change this peering policy with 30 days > > > > notice. > > > > > > > > 01-JUN-2001
|