RE: multi-homing fixes

From: Randy Bush [mailto:randy@psg.com]
Sent: Monday, August 27, 2001 4:58 PM

>>> The whole problem seems to me to be a lack of a micro-allocation policy,
>>> and an agreement from providers that they will not filter that space.
>> judicious use of this might be helpful. the problem is the 'judge' in
>> judicious.
> indeed. but it would still disassociate the space conservation and
> table growth problems to some extent; the "judge" being the same
> as today.

ahhh, somebody understood the comment.

the problem is that there is no obvious detent on the knob. to start the
usual posturing and flamage, i propose min 2xDS3 multihomed.

I would sincerely like to know why not 2xDS1 multi-homed.
Most businesses can't cost-justify dual DS3's and many (United Airlines)
gate their entire company through a T1 (not counting the ecommerce stuff,
which is colo'd as it should be).

A quick scan through the customer database shows customers on 2*256 links
(approx) and there might be smaller ones. I wouldn't be surprised to see
multihomed people with 64k or smaller links.

Please remember that that bandwidth costs a lot more in most countries
than it does in the US.

2xds3 as a minimum, that seems a bit steep. I personally would have no
problem with someone going with frac ds1 with 2 different providers in
order to protect themselves from one provider's hardware, circuit, or
routing failure. Sometimes people for security or ease of physical access
reasons want hardware at their premises.

Brian "Sonic" Whalen
Success = Preparation + Opportunity

the point of 2xDS3 was specifically to get major services, and not to get
every basement dual-homer. do the latter and you have the same grazing
of the commons as we have today.

randy

Please explain why the "basement dual-homer" should not have the same
right to diversity as the "major services."

And please, be specific.

Patrick Greenwell wrote:

Please explain why the "basement dual-homer" should not have the same
right to diversity as the "major services."

And please, be specific.

  The question is bogus, there is no such thing as a right to have a route
in my router without paying me for it. If I choose to extend that privilege
to people who meet certain minimum requirements because I believe the
benefits will outweigh the costs, then that's *my* right. All others can
pay me to do it if they want me to. Your rights end at my network.

  DS

If I'm not mistaken, we were talking about the standards for micro-allocations
with respect to the RIRs and not your network specifically. If I was
speaking about dictating your rights to set your own network policy, I
would have mentioned it.

What good will a microallocation from the RIR do if it's not routable? If
you think you can talk about allocation policy without considering routing
policy, you are mistaken.

  DS

* Thus spake David Schwartz (davids@webmaster.com):

[snip]

  The question is bogus, there is no such thing as a right to have a route
in my router without paying me for it. If I choose to extend that privilege
to people who meet certain minimum requirements because I believe the
benefits will outweigh the costs, then that's *my* right. All others can
pay me to do it if they want me to. Your rights end at my network.

  DS

I agree that there is no 'right' to have a route in someone else's router.
Different providers, different policies etc. etc. However, if I choose
to filter on allocation boundaries but advertise prefixes to peers that
I myself would filter based on my own policy is that considered
hypocritical? Bad form? Acceptable? Just wondering aloud.

Randy

Do you have any idea of the cost of a T3 from overseas to the US?
(or even the cost of a local loop T3 outside the US)

Hint: A T3 from Tel-Aviv to Chicago NAP is 6 figures (US$) a _month_
And this is after de-regulation dropped the price of a fiber link to under
satellite link price (2-3 years ago a fiber terrestrial link was ~ 3 times a
satellite link with a minimum RTT of ~ 550 msec ;-( )

None of course.

The question is would you honor microallocations from a RIR if they
said "we have designated this particular space for microallocations, would
you please accept routes for these netblocks with these prefixes?"

It is of course completely up to you, and I don't believe anyone was
questioning or challenging the sovereignty of your network.

Internet routing works due to cooperation, not coercion.

Patrick Greenwell:

None of course.

The question is would you honor microallocations from a RIR if they
said "we have designated this particular space for microallocations, would
you please accept routes for these netblocks with these prefixes?"

  That's what this discussion was about, until the right to have it was
questioned. (That's what the 'who decides' questions are about, aren't
they?) ARIN could decide to issue /32's to dialup customers so they could
change providers without renumbering and it would do no good since nobody
would carry those routes.

  Providers generally filter on allocation boundaries (or are more generous)
because they trust the RIRs to set sane allocation policies. It would be a
waste of IP space and harm the net as a whole if RIRs adopted a
microallocation policy that was too generous and resulted in allocating
non-routable IP space.

  Hence the desire to discuss among network operators what a reasonable
microallocation policy would look like. This is why comments like:

Please explain why the "basement dual-homer" should not have the same
right to diversity as the "major services."

And please, be specific.

  Don't make any sense. That was my point in replying to you. There is no
right to a route in my router. If you want a route in my router, you better
find out what routes I'm willing to carry and under what terms.

  DS

Hi,

It would be a
waste of IP space and harm the net as a whole if RIRs adopted a
microallocation policy that was too generous and resulted in allocating
non-routable IP space.

One could argue that the RIRs are wasting address space by allocating on arbitrary boundaries, e.g., /20s, instead of allocating according to documented requirements.

One could also argue that the "sane" allocation policies of the RIRs have resulted in ISPs not being forced to figure out how to apply effective mechanisms to limit route prefix growth and as a direct result created a tragedy of the commons in the DFZ.

Of course, I wouldn't argue those positions... :-)

Rgds,
-drc
Speaking for no one (and/or nothing) but myself

I agree that there is no 'right' to have a route in someone else's router.
Different providers, different policies etc. etc. However, if I choose to
filter on allocation boundaries but advertise prefixes to peers that I
myself would filter based on my own policy is that considered
hypocritical? Bad form? Acceptable?

normal business. you're doing that for which folk PAY you.

randy

One could argue that the RIRs are wasting address space by allocating on
arbitrary boundaries, e.g., /20s, instead of allocating according to
documented requirements.

  If someone were to argue that, someone could reply that unless people
cheat, no IP address space is wasted because the registries still only
allocate based upon demonstrated need. One could even argue that a smaller
allocation policy saves IP space because it stops people from cheating by
asking for more IP space than they need.

One could also argue that the "sane" allocation policies of the RIRs have
resulted in ISPs not being forced to figure out how to apply effective
mechanisms to limit route prefix growth and as a direct result created a
tragedy of the commons in the DFZ.

  I'm not sure I believe that this tragedy of the commons exists where people
route on allocation boundaries. If I make Sprint carry an extra route just
for my little network, that helps all Sprint customers reach my little
network. I may not have many hosts, but Sprint has many, and each of those
reach my just a bit better. A distinct route for a distinct network of at
least some minimal value doesn't create a tragedy of the commons. Where you
do have a tragedy of the commons is where people place routes without
technical justification. A sane microallocation policy shouldn't exacerbate
this.

  In any event, historically the dog has wagged the tail and the tail has
wagged the dog.

  DS

David,

        If someone were to argue that, someone could reply that unless people
cheat, no IP address space is wasted because the registries still only
allocate based upon demonstrated need.

While "demonstrated need" is easy to say, it is much more difficult to actually verify, particularly when the demonstrated need is projected into the future.

One could even argue that a smaller
allocation policy saves IP space because it stops people from cheating by
asking for more IP space than they need.

Exactly. The RIRs are forced to balance conservation of the remaining free pool of addresses (the only thing the RIRs really have any control over and even that is pretty tenuous) with the number of route prefixes in the default free zone (something the RIRs have no control over but which ISPs do). Historically (since CIDR and 2050), the balance has been swung towards limiting the number of prefixes in the DFZ, primarily by restricting the number of new prefixes allocated (there were other policies, e.g., APNIC's policy permitting the return of multiple prefixes for a single prefix of the next largest CIDR block with no questions asked, but most of the focus has been on preventing new prefixes from being allocated).

move the balance back towards neutral a bit. Address space would be allocated for those applications that need to be announced in the DFZ but which don't represent a large amount of address space. Of course, figuring out exactly what those applications are will be a bit of a challenge for the policy makers, but hey, that's what they get paid for (well, if they got paid for doing it, of course).

        I'm not sure I believe that this tragedy of the commons exists where people
route on allocation boundaries.

The tragedy of the commons exists because there is a limited resource, incentive to do the wrong thing, and disincentives to do the right thing. Until there are disincentives to do the wrong thing, e.g., filter routes, apply a charge to routes in the DFZ to encourage aggregation, etc., incentives to do the right thing, and/or the limitations in the DFZ are removed, you _will_ get a tragedy of the commons.

A distinct route for a distinct network of at
least some minimal value doesn't create a tragedy of the commons.

Of course it can.

Where you
do have a tragedy of the commons is where people place routes without
technical justification.

Technical justification does not remove the limitations on a resource, it merely allows triage as to who gets to use the resource.

Micro-allocations and filtering are treating symptoms. The underlying disease (rational route announcement policy) could conceivably be treated by applying standard market economics to the problem, but there hasn't yet been enough incentive to figure out how to do it (and/or get over the historical resistance to doing it).

Rgds,
-drc
Speaking only for myself

Curious that this entire discussion is justified by
delivering what your customers pay you for, when what is
proposed couldn't be further from that.

If this is about what customers pay for, then we would be
discussing how to accommodate, and even encourage effective
multi-homing at a more granular level. Customers pay for the
network to work end-to-end. More choices mean better
performance, more reliability. The entire premise for this
discussion goes directly against that.

Let me guess, this /is/ for the good of the users, because
if we don't do it the world will blow up with too many
routes. Uh huh. And everyone is turning down customers who
want to multi-home a /24.

I pay my network providers to reach all those multi-homed
/24's quickly and reliably. Filtering devalues your network,
I buy from your non-filtering competitor instead. BTW, your
sales people (if you are a major carrier) are salivating
over my RFP. Your CEO sweats bullets over next quarter's
numbers. Filtering /24's doesn't seem important to them.

Where did the 'you don't pay me, so you can't use my route
table' argument come from? A multi-organizational,
ubiquitous, globally-reachable, resilient network presumes
that the majority of routes in my router are /not/ my
customers, and /that's/ why the network is valuable.

I'm not saying there isn't a problem, or that we shouldn't
be doing anything about it. But it's one thing to talk about
the problem (technology needs to improve to allow
individuals and small companies to have better reliability),
and quite another for networks to be hypocritically
preaching/enforcing the 'pay or be filtered' principle while
violating the principle themselves.

Pete.

pete@kruckenberg.com (Pete Kruckenberg) writes:

... Customers pay for the network to work end-to-end. More choices mean
better performance, more reliability. ...

Not necessarily. Sure, the potential is there. But more than half the time
in my experience of multihoming, the pessimal path is chosen. This includes
a lot of anycast DNS experiences where each DNS server gives its own close-by
mirror server's address as an answer to www.$FOO.com, thus using UDP
performance into a predictor of TCP performance. Not only ain't it nec'ily
so, it is nec'ily not so.

The trivial case of multihoming is inside a campus where a file server, say,
might be connected to more than one LAN. Unless you're very careful, your
clients will end up talking to the file server through a gateway, that is,
to some connection that it has to some LAN other than the client's LAN. This
pessimality scales amazingly well to the larger Internet.

Don't leave Murphy's Law out of your reliability calculations. More choices
can simply mean more points of failure or more opportunities to make bad
choices.

Paul,