North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: verio arrogance
On Thu, Jul 18, 2002 at 11:54:30PM -0400, David Diaz wrote: > Is there any need to keep the routing table to a smaller size. Since > in theory, it creates suboptimal routing. And considering the new > routers out there today should be able to handle it. Considering > verio is using junipers, and they pride themselves on handling a > tremendously large table. Why should we shoot for a 100,000 route > table instead of 500,000 if it does not impact performance? When you are talking about BGP reconvergance when a router crashes (oh wait, they would never crash ;-) or is upgraded it takes a lot longer to advertize 500k routes than 100k routes. Even with a really-fast processor it obviously takes more time to do route lookup in doing best-path computations with 100+ ibgp peers. Then you start to talk about the memory footprint of 500k prefixes, once you start to include received-side communities as well as your new communities you've tagged on. With route-refresh it's not that bad, but with soft-reconfiguration enabled it may cause a bit more memory to be used. > I do understand that the 100,000 might be that actual 'installed best > routes' and that the routers might in fact be dealing with a much > larger route table. That might be an issue. But certainly 100,000- > 500,000 installed routes, is that a problem for large backbones with > high end routers? If you venture a guess and say that most "large" networks originate about 5% of the 100k prefixes must be advertized (see peering discussion about minimum routes to advertize awhile back) that numer of prefixes is increased to 25k prefixes. Then if you prefix-filter your customers, you're talking about 5X increased nvram/config requirements. > My only consideration might be the small multihomed ISPs with 2-3 > providers with full BGP feeds and cisco 4000s (256meg ram). I saw > one last week. I might be concerned at that level. "back in the day when full routes would fit in 64m ram". obviously the smaller providers have a bit more of a challenge as they tend to not have support contracts, and it can be a bit tougher to justify router memory. > I'd love to hear feedback. It would then justify filtering...or not. Think about the "7007" and other cases whereby someone announces a large set of routes they should not be. There have been numerous cases of this in the past and as a long as it's possible to easily leak routes incorrectly due to not filtering customers closely, etc.. it will continue to happen. - jared > > David > > > > > At 21:37 -0400 7/18/02, Phil Rosenthal wrote: > >How is it arrogant? > >I read that as: a customer set up an exploitable FormMail. Verio > >received notice about it. Verio removed the FormMail in question. Verio > >asked to be removed since they corrected the problem. Verio was ignored. > > > >Verio may have some problems with not terminating spammers, and I > >believe this to be the truth -- I buy from verio, and Don't spam, and > >whenever one of my clients spam, they get terminated for it. I receive > >plenty of spam from verio ips, and no matter how much I complain, it > >never gets terminated. This is probably a scenario of asking sales rep > >"If I want to spam, but I pay more per meg -- Is this OK?" and getting > >a positive answer. > > > >That is why the NANAE people don't like verio. But, nonetheless, I > >don't think that putting verio's mailserver on a formmail list is > >accomplishing anything good, since they fixed THAT problem... > > > >--Phil > > > >-----Original Message----- > >From: [email protected] [mailto:[email protected]] On Behalf Of > >Kai Schlichting > >Sent: Thursday, July 18, 2002 6:37 PM > >To: [email protected] > >Cc: Kai Schlichting > >Subject: Re: verio arrogance > > > > > > > >How's THIS for Verio arrogance, going to a whole new level: > > > >http://www.monkeys.com/anti-spam/filtering/verio-demand.ps > > > >Details were on the SPAM-L list Wed, 17 Jul 2002 15:51:05 EDT: Verio > >threatens to sue Ron Guilmette over the IP 208.55.91.59 appearing on his > >FormMail.pl open-proxy/formmail server DNSBL. > > > >And given the ever-increasing number of spammers now hopping onto Verio > >tells me that Verio must be well down the spiral of death (spammers seem > >to be attracted by NSP's going chapter 7/11, or who are getting close), > >or else the dozen-or-so automated messages going to [email protected] > >every week complaining about connections (real or attempted) to hosts > >under my control, and originating from their spamming customers would > >have shown any results over time. > > > >I don't need connectivity to 208.55.0.0/16. I really don't, and I have > >not the slightest tolerance for litigious, small-minded, > >panic-lawyer-dialling scum like this. > > > >/etc/mail$ grep 208.55 access.local > >208.55 550 Access for FormMail spam and litigious scum > >denied - XXXX Verio in their XXXXXXXX XXX - we block more than just > >208.55.91.59 - Spammers must die - see > >http://www.monkeys.com/anti-spam/filtering/verio-demand.ps > >/etc/mail$ > > > >PS: I also have zero tolerance for Nadine-type spam-generating, > >"single-opt-in", > > "87% permission-based" emailers nowadays: 2 bounces or a single mail > >to a > > never-existing account, and all your /24's are off into gated.conf as > >a > > next-hop route to 127.0.0.1. And no, they won't get around that by > >advertising > > /25's. > > > >Good-bye route-prefix-filtering wars, and welcome to the war on spam, > >where Null0'd /28's for filtering 'undesirables' just doesn't cut it any > >more. Casualties like 10-15 bystanding rackspace.com customers with a > >"Nadine- type" mailer in neighboring IP space be damned: "move your > >servers into a different slum, cause da landlord's running down 'da > >neighborhood". > > > >-- > >"Just say No" to Spam Kai > >Schlichting > >New York, Palo Alto, You name it Sophisticated Technical > >Peon > >Kai's SpamShield <tm> is FREE! > >http://www.SpamShield.org > >| > >| | > >LeasedLines-FrameRelay-IPLs-ISDN-PPP-Cisco-Consulting-VoiceFax-Data-Muxe > >s > >WorldWideWebAnything-Intranets-NetAdmin-UnixAdmin-Security-ReallyHardMat > >h > > -- > > David Diaz > [email protected] [Email] > [email protected] [Pager] > Smotons (Smart Photons) trump dumb photons > -- Jared Mauch | pgp key available via finger from [email protected] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
|