> > or... why do people insist on injecting routes to non-existent
> > things? a route table entry is a route table entry, regardless
> > of the scope.
>
> Is this where you advocate that providers only announce the parts of
> their assigned blocks that are in use?
seems like a good lead in, so yes - i advocate folks only
announce what they use. may play old-hob on the ISP that
likes to use some other metric for accepting announcements,
(e.g. RIR or other routing registry DB) and will no doubt
increase the tension on justification of proxy announcements,
but overall, this seems to be a good goal.
First, we do accept prefixes from most ASes based on RIR.
Second, we don't simply assign address space sequentially from our
assigned spaces. We have an addressing plan that leaves the assignments
deliberately sparse to allow for better management and the ability to
keep our PA assignments to a site contiguous. To only announce the
active space would increase the number of routes we announce by about
80%. If everyone did this, the routing table would increase
massively. So would the time to compute the routes which might lead to
some really bad instability for some routers.
> Date: Wed, 13 Oct 2004 18:43:45 +0000
> From: bmanning@vacation.karoshi.com
> Sender: owner-nanog@merit.edu
>
>
> > > or... why do people insist on injecting routes to non-existent
> > > things? a route table entry is a route table entry, regardless
> > > of the scope.
> >
> > Is this where you advocate that providers only announce the parts of
> > their assigned blocks that are in use?
>
> seems like a good lead in, so yes - i advocate folks only
> announce what they use. may play old-hob on the ISP that
> likes to use some other metric for accepting announcements,
> (e.g. RIR or other routing registry DB) and will no doubt
> increase the tension on justification of proxy announcements,
> but overall, this seems to be a good goal.
First, we do accept prefixes from most ASes based on RIR.
good traditional thinking .... requireing me to announce the
whole /20 when all i'm using is a /27... after all, its just one
routeing table entry... why should you care? (playing straightman)
Second, we don't simply assign address space sequentially from our
assigned spaces. We have an addressing plan that leaves the assignments
deliberately sparse to allow for better management and the ability to
keep our PA assignments to a site contiguous. To only announce the
active space would increase the number of routes we announce by about
80%. If everyone did this, the routing table would increase
massively. So would the time to compute the routes which might lead to
some really bad instability for some routers.
so -IF- everyone followed your internal address assignment policies,
scattering used space in a sparse matrix throughout the allocated pool,
then announing a single prefix (the aggregate) makes sense. Of
course this leaves you w/ lots of space that is useful for forging
as valid source addresses. (we'll even leave DHCP pools out of the
discussion - for now) so it would make sense for you to announce
the aggregate - since you use "random" bits throughout (nice marbling!)
but for those folks who use a more compact internal representation,
is there a good reason to reject their /27 instead of the larger /20
that has been allocated?
> > Date: Wed, 13 Oct 2004 18:43:45 +0000
> > From: bmanning@vacation.karoshi.com
> >
> > seems like a good lead in, so yes - i advocate folks only
> > announce what they use. may play old-hob on the ISP that
> > likes to use some other metric for accepting announcements,
> > (e.g. RIR or other routing registry DB) and will no doubt
> > increase the tension on justification of proxy announcements,
> > but overall, this seems to be a good goal.
Why? This is a serious question, as the bulk of network
architectures with which I'm familiar have a wall between IGP and
EGP, where the EGP is focused on _stable_ reachability & the IGP
is concerned with optimal forwarding path within the AS. Sinking
(or darknet detecting or...) unused space and happily shuffling
between used & unused without having to worry how it affects
your reachability [or its stability] is a generally a Good Thing.
> Second, we don't simply assign address space sequentially from our
> assigned spaces. We have an addressing plan that leaves the assignments
[snip]
so -IF- everyone followed your internal address assignment policies,
scattering used space in a sparse matrix throughout the allocated pool,
then announing a single prefix (the aggregate) makes sense. Of
[snip]
"There are more internal policies on Teh Intarweb than are dreamt of in
your philosophy." Internal policies are *internal*, and the usual wall
between internal and external policies means that maximal reachibility
can be guarenteed with minimal hassle and zero need to have to pick up
the phone and convince some random remote AS to change their policies to
accept your topology-of-the-week. Seems that any actions that are
recommended should be internal policy/topology neutral, no?
Should I mention publishing the only the deaggregates-in-use essentially
rolls out the red carpet to hijackers letting them know prefixes you
*will*not*notice* that they borrow, except when the abuse calls and
subpoenas come rolling in? Oh no, that's for later in the thread.
Sorry.
