We were just allocated a /17 out of 69/8. With all off the recent traffic on
69/8 reachability problems, I asked ARIN if the allocation could come from a
different block.
Their answer was basically that 69/8 (only) is where they are allocating from
and that "from reading NANOG, it appears that much of the problem has been
resolved."
I haven't seen any updated information that 69/8 is now working for people.
Is everyone just quiet about it, or have filters actually been updated making
this a non-issue?
i'm in the midst of writting a brief article about 69/8
reachability that i inted to post on /. and as a result hopefully
it will become a more publically visible issue as places like
news.google pick up /. articles. If you have a server that is
in 69/8 that you want referenced by it, perhaps a test machine
saying "your network appears to be working ok" that you want listed
let me know.
I also am going to allow people to submit urls for a "wall
of shame" that still show 69/8 (amongst others) as something to block.
obviously we won't accept messages to mailing lists that are older
but anyones current "use these filters to help secure your network"
pages should get listed.
I encourage people who find networks that are blocking
69/8 that you get them to fix to ask them if they continue to
use such filtering to subscribe to Rob's bogon-announce list
that is hosted on my machine.
Their answer was basically that 69/8 (only) is where they are allocating from
and that "from reading NANOG, it appears that much of the problem has been
resolved."
I wonder what they based that ASSumption on?
The thread just sort of died...and now you've revived it.
I haven't seen any updated information that 69/8 is now working for people.
Is everyone just quiet about it, or have filters actually been updated making
this a non-issue?
I've been busy with other things, so I haven't been able to spend as much
time on my 69/8 reachability project as I did the first few days. I still
have a list of about 700 destinations reachable from 209.208/17 but not
from 69/8. That's down from about 1000 when I did the first ping sweep.
I know I've personally gotten half a dozen or so networks to update their
filtering. I've also had several messages apparently go ignored (1 week
with no response and no filter update), two of which are US military
/16's.
A bunch of the remaining affected networks are in other countries where
I'm afraid language is going to be a barrier. This issue will likely
never be entirely resolved. Just hope your customers don't care about
reaching the remaining affected networks.
I've definitely noticed the steady decline in complaints in reachability. I
think though at some point it will be resolved, after all all the other
blocks got squared away it seems, or is that an incorrect assumption?
I'd bet they're not all resolved...just mostly to the point that nobody
cares. Does anyone have a traceroute web page from another (not 69/8)
block that recently went from reserved to RIR allocated? I'd be
interesting to see how many of the 69/8 unreachable IPs are unreachable
from other reserved->RIR allocated blocks.
By the end of the week, I expect to have a system setup (big system with
lots of available bandwidth) where people can do simultaneous traceroutes
from 69 and !69 IPs and see the results side by side. I've got this now
on my workstation and have included a link to it in most of the filter
update request messages I've sent, but I don't want all of nanog (much
less /.) hitting my workstation. I also plan to put the reachability
database on that system and make the unreachable IPs viewable.
I'd bet they're not all resolved...just mostly to the point that nobody
cares. Does anyone have a traceroute web page from another (not 69/8)
block that recently went from reserved to RIR allocated? I'd be
interesting to see how many of the 69/8 unreachable IPs are unreachable
from other reserved->RIR allocated blocks.
I'm wondering if there's something special about 69/8... I can't recall
this sort of discussion for 61/8 through 68/8, at least after CIDR in the
former Class A space was initially validated.
S
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
For a very interesting comparison, do groups.google.com searches for
69.0.0.0/8 and then for 61.0.0.0/8. While the first is several pages of
hits saying to block 69.0.0.0/8 as a bogon, all the links for 61.0.0.0/8
seem to suggest blocking that /8 due to spam.