Deciding whose network block is whose?

When some random person decides to announce a subnet, what do providers
accept as proof the person has authority to announce that subnet to the
global Internet? Or the other side, when some random person calls up
complaining that someone else is announcing a subnet without authorization,
what do providers accept as proof that the announcement is invalid?

For example, let's say a difficult-to-reach ISP on the other side of the
planet decided to announce a subnet DRA had assigned for use by one of our
customers. Would major providers take my word that a Hong Kong provider was
wrong? Would major providers accept the registration information in WHOIS
and/or IRR that the network block had been delegated to me, and to no one else?
Would major providers accept a statement from APNIC that the HK ISP
had never been delegated any part of the network block? What do you do
when a major provider's front-line customer service personnel don't
understand the problem, but say since the other person is a customer
they have to believe them? Of course, the major provider can't get
hold of the customer either.

Do providers normally just let customers announce any network, and only
review things after receiving complaints? If so, how do such providers
expect people to complain when one of their customers is causing problems?
How many days, weeks, months is considered normal to reach a competent
person at a major ISP who has the authority to block such a bogus
announcement by one of their customers? Since some (one) major provider
has a policy of not giving trouble ticket numbers when a non-customer
calls, how much ruckus must be caused to get their management's attention?

This can cause partial network outages lasting weeks in some cases. I
hate the idea of needing to resort to things like filing formal criminal
complaints because of the dumb management policy at a major provider, but
it has been required in some other industries these providers operate
in. Slamming is a prohibited practice for long distance carriers, and
the customer can more or less easily get their phone number switched back
to their original provider. How does a customer do the same thing when
their IP network block gets slammed by another provider, or a customer
of another provider?

There seem to be major problems with several of the widely referred to
network registration databases. I see Telstra (AS1221) is once again,
Dec 29, 1997, announcing 3.156.20.0/24. While it's possible that General
Electric has an office in Australia, it seems an odd announcement. Other
than Sprint's global default for 0/1 (and then SPRINT has the nerve to
complain when people point default at them) there is no information in
the IRR about valid origin ASNs for Net 3/8. Although Mr. Bono spoke
up about some of GE's activities, other than James C. Shearer, who would
have authority over subnets from network 3/8? And what do you do when the
listed contact has left, or, worse, is a generic position name (e.g.
hostmaster@ or noc@)?

Even going by company names isn't enough, because some companies have
very similar names, are merged, unmerged, sliced and diced. For example,
various companies have "Data Research" in their name, but have
nothing to do with DRA. Nor is the DRA in the UK affiliated with
the DRA in the USA.

Network blocks delegated to non-ISPs were fairly easy, because it is
uncommon to see subdelegations. But if you look at net 12/8 (AT&T),
customer subnets are appearing in announcements from other providers.
How do you decide when network blocks can be delegated, or not? In the
net 12/8 case, the WHOIS database lists some delegations, but the IRR
shows different ones.

But with CIDR it is even more complicated to figure out what type of delegation
was done for a subnet. Take the case of 205.164.62.0, which is from a
network block delegated to MCS. The history of this block is a bit odd.
It appears the block 205.164.0.0/16 was first delegated on March 15, 1995
to NET99. On March 29, 1995 205.164.0.0/18 was delegated to MCS. At
some point later the delegation for 205.164.0.0/16 was deleted, and AGIS
was delegated 205.164.64.0/18 and 205.164.128.0/17. Something funny
happened to the database, because now MCS's registration date is
March 29, 2019 (a Y2000 problem?). MCS registered a portion of their
CIDR block in the IRR(MCI), 205.164.0.0/19. Goodnet registered an
IRR(RADB) entry for 205.164.0.0/18. AGIS and PSI have overlapping
registrations in the IRR(RADB) for 205.164.0.0/16. And, of course,
there is the Sprint global default route in the IRR(RADB) for 192/2.
Karl complained about AGIS announcing 205.164.62.0/24, but not about
205.164.13.0/24 which is also being announced by AGIS.

How do you tell the difference between a customer trying to move a
delegated network address when switching providers, and someone whose
announcement would cause problems?

The problem of bogus routing has been getting worse. Is it going to
take a disaster to get the attention of various providers' management?

Priori Networks requires any customer who wants to announce a route to us
via BGP, or wants us to announce a route via BGP for them, to have the
proper contact information available via rwhois at either the InterNIC
(ARIN now I suppose), RIPE, or APNIC. We filter all incoming routing
announcements from customers by prefix. We have not yet had a problem
where someone has called and said we were announcing their block, so I
cannot tell you for certain what the resolution time for such an issue
would be.

we believe the nics. we have even blocked announcements from peers and
downstreams which a nic told us was unallocated space being 'borrowed'.

we filter customers based on the irr. we are hoping to see more nic/irr
coordination.

randy

Sean,

interesting mail. I have been running into this same address ownership
stuff in Canada with iSTAR.

We have been told by the InterNIC that they can't say anything other
than address space is "enforceable by law". I talked to several
providers who were announcing a couple of iSTAR-owned blocks and they
are taking the RADB and InterNIC as authority for address ownership.

They say if iSTAR owns a less specific block than one of their
customers they will filter out/stop the more specific announcement
UNLESS they get a letter from iSTAR saying all is ok.

Andrew

Sean Donelan wrote:

> When some random person decides to announce a subnet, what do providers
> accept as proof the person has authority to announce that subnet to the
> global Internet? Or the other side, when some random person calls up
> complaining that someone else is announcing a subnet without authorization,
> what do providers accept as proof that the announcement is invalid?
>
> For example, let's say a difficult-to-reach ISP on the other side of the
> planet decided to announce a subnet DRA had assigned for use by one of our
> customers. Would major providers take my word that a Hong Kong provider was
> wrong? Would major providers accept the registration information in WHOIS
> and/or IRR that the network block had been delegated to me, and to no one else?
> Would major providers accept a statement from APNIC that the HK ISP
> had never been delegated any part of the network block? What do you do
> when a major provider's front-line customer service personnel don't
> understand the problem, but say since the other person is a customer
> they have to believe them? Of course, the major provider can't get
> hold of the customer either.
>
> Do providers normally just let customers announce any network, and only
> review things after receiving complaints? If so, how do such providers
> expect people to complain when one of their customers is causing problems?
> How many days, weeks, months is considered normal to reach a competent
> person at a major ISP who has the authority to block such a bogus
> announcement by one of their customers? Since some (one) major provider
> has a policy of not giving trouble ticket numbers when a non-customer
> calls, how much ruckus must be caused to get their management's attention?

We only accept announcements incoming from our customers which exactly
match the addresses they have given us as originating from their AS.
This is not a very pretty solution in that it requires our
customer to contact us any time they want to revise the routes that
they are announcing, but it does provide a human check against stupid
errors (or malicious intent).

Brad Reynolds
brad@iagnet.net
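An added example, not code from Brad, Randy, Priori or anyone else on this thread, of the customer-ingress policy described above: accept a customer's announcement only when the prefix exactly matches one the customer registered with us (or that has a matching route object in the IRR) and the origin AS matches, and refuse more-specifics so that the customer has to call before a new route goes out. It is written in Go. The /18 is the MCS block Sean Donelan mentions; the AS numbers (64496, 64497) are from the documentation range and are constructed stand-ins, since the thread does not give the real ones.

```go
package main

import (
	"fmt"
	"net/netip"
)

// RouteObject is what a customer registered with us (or an IRR route object):
// a prefix and the AS allowed to originate it.
type RouteObject struct {
	Prefix netip.Prefix
	Origin uint32
}

// Announcement is one prefix heard on a customer BGP session, with its origin AS.
type Announcement struct {
	Prefix netip.Prefix
	Origin uint32
}

// Verdict is the decision plus the reason we would log for the NOC.
type Verdict struct {
	Accept bool
	Reason string
}

// ExactMatchFilter accepts an announcement only when its prefix is exactly a
// registered prefix and the origin AS matches. A more-specific of a registered
// block is refused even though it is inside the customer's space: the customer
// must contact us to have it added, which is the human check the policy provides.
func ExactMatchFilter(registered []RouteObject, a Announcement) Verdict {
	for _, r := range registered {
		if r.Prefix == a.Prefix {
			if r.Origin == a.Origin {
				return Verdict{true, "exact match on registered prefix and origin"}
			}
			return Verdict{false, fmt.Sprintf("%s is registered to AS%d, announced by AS%d", a.Prefix, r.Origin, a.Origin)}
		}
	}
	// Not an exact match: say whether it is a more-specific of something registered,
	// since that is the case an operator most wants to see in the log.
	for _, r := range registered {
		if a.Prefix.Bits() > r.Prefix.Bits() && r.Prefix.Contains(a.Prefix.Addr()) {
			return Verdict{false, fmt.Sprintf("%s is a more-specific of registered %s; not on the list", a.Prefix, r.Prefix)}
		}
	}
	return Verdict{false, fmt.Sprintf("%s is not registered by this customer", a.Prefix)}
}

// FilterSession applies the policy to every announcement on a session.
func FilterSession(registered []RouteObject, updates []Announcement) (accepted []netip.Prefix, rejected []string) {
	for _, u := range updates {
		v := ExactMatchFilter(registered, u)
		if v.Accept {
			accepted = append(accepted, u.Prefix)
		} else {
			rejected = append(rejected, v.Reason)
		}
	}
	return accepted, rejected
}

// mustPrefix parses and masks so that == comparison of prefixes is meaningful.
func mustPrefix(s string) netip.Prefix { return netip.MustParsePrefix(s).Masked() }

// FilterDemo runs the policy over constructed sample data (AS numbers are
// documentation-range stand-ins, not the real ones).
func FilterDemo() (accepted []netip.Prefix, rejected []string) {
	registered := []RouteObject{{mustPrefix("205.164.0.0/18"), 64496}}
	updates := []Announcement{
		{mustPrefix("205.164.0.0/18"), 64496},  // registered: accept
		{mustPrefix("205.164.62.0/24"), 64496}, // more-specific not on the list: reject
		{mustPrefix("205.164.0.0/18"), 64497},  // right prefix, wrong origin: reject
		{mustPrefix("192.0.2.0/24"), 64496},    // not this customer's space: reject
	}
	return FilterSession(registered, updates)
}

func main() {
	acc, rej := FilterDemo()
	fmt.Println("accepted:", acc)
	for _, r := range rej {
		fmt.Println("rejected:", r)
	}
}
```

The same function works as an IRR-driven filter in the sense Randy describes: build the registered list from route objects whose origin is the customer's AS instead of from a hand-kept list, and the acceptance rule is unchanged.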

Sean

This is precisely what I was on about in the not-the-iepg meeting prior
to the last IETF - there is no current workable mechanism for a provider
to validate a customer's request to route an address block in
a manner which would permit automation of the request and
the response.

I am looking to the regional registries to take some level of initiative
and provide clients of their address allocation service the ability to
sign the allocation and then the client can sign the routing request to the
provider which the provider can verify against the regional registry.
We went through this in discussion in the room at the time and it
looked like a viable and useful approach.

regards,

  Geoff

Sean Donelan <SEAN@SDG.DRA.COM> writes:

> Other than Sprint's global default for 0/1 (and then
> SPRINT has the nerve to complain when people point
> default at them) there is no information in the IRR
> about valid origin ASNs for Net 3/8.

I am a hypocrite. I have flexible opinions.

However, I do not believe for an instant that Sprint
actually advertised 0/1 to the people Sprint (whether you
mean me, Peter or Hank by that) have complained about.

(We did twice advertise 0/1 to InternetMCI and others,
which was interesting in several ways.)

> The problem of bogus routing has been getting worse. Is it going to
> take a disaster to get the attention of various
> providers' management?

Uhm, what does manglement have to do with reality?
Do you really think there is some manager out there who is
preventing people from "fixing" this problem, or who could
somehow cajole her or his staff into doing a "fix"?

The address registries are believed because the address
registries aggregate the routability policies of the
various networks participating in the Internet routing
system. They are authoritative because ISPs have made
them so to prevent a large amount of bilateral
negotiations about what really should be routed where.

The problem is not the lack of a canon, but the lack of a
cannon; there is no simple means by which to enforce completely
correct routing with present technology, while preserving
the flexibility of timely dynamic reconfiguration of the Internet.

  Sean.

Geoff Huston <gih@telstra.net> writes:

> I am looking to the regional registries to take some level of initiative
> and provide clients of their address allocation service the ability to
> sign the allocation and then the client can sign the routing request to the
> provider which the provider can verify against the regional registry.
> We went through this in discussion in the room at the time and it
> looked like a viable and useful approach.

Yes, but this is only part of the problem.

I mean, fantastic idea, but then it's not exactly
transitive. How do I know I can trust that Telstra's
announcements have been authorized by the people
responsible for the prefixes in question? Worse, since I
do not talk directly with Telstra, how do I know I can
trust the intermediary networks not to have performed (or
fallen victim to) AS path surgery?

Moreover, other than prefix-length filtering, what can I
do to prevent falling victim to subnet-announcement
attacks? Note that a larger CIDR block can still fall
victim to announcements of /19s in networks which use The
Satanic Filters.

Perhaps you have some idea other than mine (prayer) for
scalably solving these and similar issues?

  Sean.
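Geoff's signed-allocation chain and Sean's objection to it, as an added example in Go that is not code from either of them: the registry signs an allocation binding a prefix to the holder's public key, the holder signs a routing request (prefix plus origin AS) under that key, and the provider verifies both signatures against the registry key it trusts out of band. Keys and AS numbers are constructed; the "allocation|..." and "route|..." strings are a stand-in for whatever canonical encoding a real scheme would define; the /18 is the MCS block from earlier in the thread. The last function shows the limit Sean raises: the signatures bind prefix and origin only, so the same signed request verifies over any AS path that ends in the right origin.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"net/netip"
)

// Allocation is the registry's signed statement that Prefix was delegated to HolderKey.
type Allocation struct {
	Prefix      netip.Prefix
	HolderKey   ed25519.PublicKey
	RegistrySig []byte
}

// RoutingRequest is the holder's signed statement to a provider: announce Prefix
// with origin OriginAS. The allocation travels with it so the provider can chain
// back to the registry.
type RoutingRequest struct {
	Prefix    netip.Prefix
	OriginAS  uint32
	Alloc     Allocation
	HolderSig []byte
}

// Stand-in canonical encodings of the two signed statements.
func allocationBytes(p netip.Prefix, holder ed25519.PublicKey) []byte {
	return []byte(fmt.Sprintf("allocation|%s|%x", p, holder))
}

func requestBytes(p netip.Prefix, origin uint32) []byte {
	return []byte(fmt.Sprintf("route|%s|AS%d", p, origin))
}

// RegistrySign is the registry's step: issue a signed allocation to a holder key.
func RegistrySign(regPriv ed25519.PrivateKey, p netip.Prefix, holder ed25519.PublicKey) Allocation {
	return Allocation{Prefix: p, HolderKey: holder, RegistrySig: ed25519.Sign(regPriv, allocationBytes(p, holder))}
}

// HolderSign is the client's step: sign a routing request under its allocation.
func HolderSign(holderPriv ed25519.PrivateKey, alloc Allocation, p netip.Prefix, origin uint32) RoutingRequest {
	return RoutingRequest{Prefix: p, OriginAS: origin, Alloc: alloc, HolderSig: ed25519.Sign(holderPriv, requestBytes(p, origin))}
}

// Verify is the provider's step. regPub is the registry key trusted out of band.
func Verify(regPub ed25519.PublicKey, r RoutingRequest) error {
	if !ed25519.Verify(regPub, allocationBytes(r.Alloc.Prefix, r.Alloc.HolderKey), r.Alloc.RegistrySig) {
		return fmt.Errorf("allocation of %s is not signed by the registry", r.Alloc.Prefix)
	}
	if !ed25519.Verify(r.Alloc.HolderKey, requestBytes(r.Prefix, r.OriginAS), r.HolderSig) {
		return fmt.Errorf("request for %s is not signed by the allocation holder", r.Prefix)
	}
	// The requested prefix must be the allocation itself or a more-specific of it.
	if r.Prefix.Bits() < r.Alloc.Prefix.Bits() || !r.Alloc.Prefix.Contains(r.Prefix.Addr()) {
		return fmt.Errorf("%s is not within allocation %s", r.Prefix, r.Alloc.Prefix)
	}
	return nil
}

// VerifyAnnouncement applies the chain to an announcement heard with an AS path.
// Only the origin (last element) is compared with the signed origin AS; nothing
// in the signatures covers the intermediate ASes.
func VerifyAnnouncement(regPub ed25519.PublicKey, path []uint32, r RoutingRequest) error {
	if err := Verify(regPub, r); err != nil {
		return err
	}
	if len(path) == 0 || path[len(path)-1] != r.OriginAS {
		return fmt.Errorf("path origin does not match signed origin AS%d", r.OriginAS)
	}
	return nil
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// ChainDemoResult collects the outcomes of the constructed scenarios below.
type ChainDemoResult struct {
	ValidAccepted, MoreSpecificAccepted                                 bool
	ForgedAllocationRejected, WrongKeyRejected, OutsideAllocationRejected bool
	PathChangeUndetected                                                bool
}

// ChainDemo runs the chain with constructed keys and documentation-range AS numbers.
func ChainDemo() ChainDemoResult {
	regPub, regPriv := newKey()
	holderPub, holderPriv := newKey()
	otherPub, otherPriv := newKey()
	block := netip.MustParsePrefix("205.164.0.0/18")
	alloc := RegistrySign(regPriv, block, holderPub)
	req := HolderSign(holderPriv, alloc, block, 64496)

	var res ChainDemoResult
	res.ValidAccepted = Verify(regPub, req) == nil
	res.MoreSpecificAccepted = Verify(regPub, HolderSign(holderPriv, alloc, netip.MustParsePrefix("205.164.62.0/24"), 64496)) == nil
	forged := RegistrySign(otherPriv, block, otherPub) // "allocation" signed by a non-registry key
	res.ForgedAllocationRejected = Verify(regPub, HolderSign(otherPriv, forged, block, 64497)) != nil
	res.WrongKeyRejected = Verify(regPub, HolderSign(otherPriv, alloc, block, 64497)) != nil // genuine allocation, wrong signer
	res.OutsideAllocationRejected = Verify(regPub, HolderSign(holderPriv, alloc, netip.MustParsePrefix("205.164.128.0/17"), 64496)) != nil
	// Same signed request, two different paths: both pass.
	res.PathChangeUndetected = VerifyAnnouncement(regPub, []uint32{64510, 64496}, req) == nil &&
		VerifyAnnouncement(regPub, []uint32{64511, 64510, 64496}, req) == nil
	return res
}

func main() { fmt.Printf("%+v\n", ChainDemo()) }
```

The chain answers "does this holder have the right to ask for prefix Y with origin X" at the provider that receives the request. It does not tell a network two or three hops away whether the path it heard is the one the originating provider sent, which is the non-transitivity Sean describes.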

My point was that one direction of addressing Sean Donelan's
original problem was to clearly identify the point in the network
where the announcement is originated and clearly
identify the legitimacy of each advertisement incrementally
through the use of explicit signatures. It does not address
explicitly the issue of routing policy at a distance, which you
identify as a bloody big scaling problem - and I agree that it is!

g

Geoff Huston <gih@telstra.net> writes:

> My point was that one direction of addressing Sean Donelan's
> original problem was to clearly identify the point in the network
> where the announcement is originated and clearly
> identify the legitimacy of each advertisement incrementally
> through the use of explicit signatures.

Grand, so you have all these little signatures floating
around. Are you going to process them at all your
gateways, or are they there just in case something goes
wrong? If the latter, how do you expect the signatures
might be used in practice?

> It does not address explicitly the issue of routing
> policy at a distance, which you identify as a bloody big
> scaling problem - and I agree that it is!

Is the problem you are trying to solve not "does X have
the right to announce prefix Y"? Perhaps I am missing
something.

  Sean.