request for help w/ ATT and terminology

Hi. I'm by no means an ip/networking expert, and we're having some
difficulty communicating with the boffins at AT&T. Any
input/advice/translation would be appreciated.

We own our own class C netblock. Our previous provider, Sprint, had no
problem "adding" it to their network/advertising it (that circuit is now
disconnected). We've started using an AT&T colo facility, and we're
having a lot of trouble trying to get AT&T to do the same thing there
that Sprint was able to do for us. AT&T is refusing to advertise our
netblock/path it to our cabinet unless we have an AS number. ARIN has
refused to give us one on the grounds (rightly so) that we're not
multi-homed. AT&T says they'll give us a temporary ASN, and want us
to do eBGP for our netblock. They sent the technical information over
today, and they want two distinct routers to act as the bgp peers...

Anyway, it's all getting (for us) pretty complicated. We're a fairly
small firm and just want an Ethernet handoff with our IP block on it.
Sprint didn't blink at the request, but AT&T... We're getting a good
rate from AT&T for the IP services because it's at their colo.
Switching back to Sprint would definitely be more costly.

Questions:

1. Is what we're asking for unusual/uncalled for?
2. What's the technical terminology for the request for AT&T to simply
start advertising our netblock called? I'm wondering if they're not
understanding our request.

Any other comments/input/suggestions welcomed.

Thanks in advance,

Mike Donahue
WATG

> 1. Is what we're asking for unusual/uncalled for?

It's at&t's network. They should be allowed to run it as they please. So it's hard to say anything (other than abuse) is "uncalled for".

Unusual? Hell yes.

> 2. What's the technical terminology for the request for AT&T to simply
> start advertising our netblock called? I'm wondering if they're not
> understanding our request.

Ask for at&t to "originate my /24, and route it to my rack".

If they don't get that, find another provider.

Mike,

  Generally a netblock is homed somewhere if it doesn't have an
association with an ASN. These will often be listed as "non-portable",
and then each ISP would have to choose to allow you to use that netblock
on its network or not.

  Based on your company name and domain I assume your netblock is
192.67.91.0/24, which shows as a Direct Assignment, so you should have the
right to move it.

  I think what you are asking is unusual because you have address
space you are trying to move, but no ASN for the carrier to advertise the
route to.

  In terms of terminology I think "advertise our netblock in your
AS" is about as close as you can get, and you are at ATT's mercy because
they have the right to create their own policies about advertising
client's netblocks as part of their AS. I would say they would most
likely want to handle this by assigning you an iBGP ASN so you can
advertise that block to them privately, and then they would aggregate that
advertisement into their eBGP advertisements for their AS. There should
be no reason to require 2 distinct routers just to use BGP.

  Your other option is to get a cheap link from another provider
that does not include any usage, and use that as the second (backup) link.
At that point you could get an ASN assigned by ARIN.

  -Scott

Some networks (of note, the larger ones) have registered a "customer
ASN". The idea is that networks advertised from their backbone ASN
should only be the ones they own, and all customers who have no ASN
use the customer ASN to originate their block. In most cases the
contract prohibits using the customer ASN with another provider;
it is only to be used to single home to the one network.

I have no personal experience with AT&T in this configuration, but
with several other networks they would prefer an eBGP session where
they send you a default and you send them your prefix using the ASN
they assign. Aside from keeping the prefixes segregated by ASN it
also makes the routing policy a lot simpler. Typically things
announced by the backbone ASN may appear in prefix lists across the
network, while the customer ASN is "just another session".

One of the more interesting "big network" problems is the front
line support tend to not be creative thinkers, and also tend to
believe their internal terminology is industry standard speak. This
can make it difficult to get what you want.

Mike Donahue wrote:

> Hi. I'm by no means an ip/networking expert, and we're having some
> difficulty communicating with the boffins at AT&T. Any
> input/advice/translation would be appreciated.
>
> We own our own class C netblock. Our previous provider, Sprint, had no
> problem "adding" it to their network/advertising it (that circuit is now
> disconnected). We've started using an AT&T colo facility, and we're
> having a lot of trouble trying to get AT&T to do the same thing there
> that Sprint was able to do for us. AT&T is refusing to advertise our
> netblock/path it to our cabinet unless we have an AS number. ARIN has
> refused to give us one on the grounds (rightly so) that we're not
> multi-homed.

Multi-homing is one way to justify an ASN, "unique routing policy" is
the other. Your directly assigned /24 could be a reason to have
a unique routing policy, especially if your upstreams are unwilling
to originate it from their ASN(s). You may want to re-apply for an
ASN and explain that you will be announcing your directly assigned
block in section 14 of the template.

- Kevin

Please renumber into an AT&T prefix.

Tony

> 2. What's the technical terminology for the request for AT&T
> to simply start advertising our netblock called? I'm
> wondering if they're not understanding our request.

You hit the nail on the head with that question. It's called a
purchase order request. You bought vanilla Internet access which
uses AT&T's aggregate address announcements and now you want them
to provide a different service where they manage special announcements
for your address prefix.

There ain't no such thing as a free lunch.

When dealing with large companies, you get cheap prices when you
buy standard products, not when you buy customized services.

--Michael Dillon

P.S. if your network is all in one cage, it can't be that difficult
to just renumber it all into AT&T address space.

All you can say is... **Caveat emptor.**

Tony Li wrote:

> > Anyway, it's all getting (for us) pretty complicated. We're a fairly
> > small firm and just want an Ethernet handoff with our IP block on it.
> > Sprint didn't blink at the request, but AT&T... We're getting a good
> > rate from AT&T for the IP services because it's at their colo.
> > Switching back to Sprint would definitely be more costly.
>
> Please renumber into an AT&T prefix.

Yeah, because that's what's best for everyone else in the world *except*
him.

I understand the desire to keep from exploding the routing tables, but
come on. You big ISP folks need to remember that you exist to provide
service to customers. Without the customers, sure, the explosion of
routing tables wouldn't be a problem, but then you'd certainly have
bigger problems to think about.

(Sorry, I just get a bit frustrated with the coercion that big ISPs
bring about to the little guys expecting the little guys to explicitly
choose to do things in ways that are harmful to their own self-interests)

According to the cached copy of AT&T's bgp4policy.doc at:

http://www.onesc.net/communities/as7018/bgp4policy.pdf

You should just be able to set up BGP with a private ASN. It's not quite what you asked for, but it should be "in policy" at AT&T.

I know we've run into providers that absolutely insist on a customer router even inside the provider's colo, and plenty more that don't. "Their network, their rules".

I'm assuming you have a switch connected to the ethernet handoff. A lot of 1U switches now will do a little bit of layer 3 (including BGP) so it shouldn't necessarily add any equipment to your setup to accomplish this.

Ethernet handoff on one VLAN, your servers on the other... BGP session announcing your /24 with a private-as, and accepting default only (or dropping all routes and running with a static default, whatever floats your boat).

Leo is referring to RFC 2270. Providers can get an ASN to use for customers who want to be multihomed only to them. It's likely ATT has such an ASN that you could use.

http://www.ietf.org/rfc/rfc2270.txt

--Heather
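
Added example (not part of the thread, and not AT&T's or any poster's configuration): a minimal Quagga `bgpd.conf` for the single-homed session discussed above, which announces only the customer /24 from a provider-assigned private ASN and accepts only a default route. The private ASN 64512, the neighbor address 192.0.2.1, the router-id and the password are placeholders; 192.67.91.0/24 is the block assumed earlier in the thread, and 7018 is the AS number that appears in the policy URL.

```conf
! bgpd.conf (Quagga) - constructed example, not a provider-supplied config.
! PLACEHOLDERS: local ASN 64512, neighbor 192.0.2.1, router-id, password.
! Use the ASN, peer address and MD5 secret from the provider's turn-up sheet.
!
! Outbound filter: only the customer's own /24 may ever be announced, so a
! later misconfiguration on this box cannot leak other routes upstream.
ip prefix-list ANNOUNCE-OWN seq 5 permit 192.67.91.0/24
ip prefix-list ANNOUNCE-OWN seq 10 deny any
!
! Inbound filter: accept a default route and nothing else.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list DEFAULT-ONLY seq 10 deny any
!
router bgp 64512
 bgp router-id 192.67.91.1
 network 192.67.91.0/24
 neighbor 192.0.2.1 remote-as 7018
 neighbor 192.0.2.1 description upstream-ebgp
 neighbor 192.0.2.1 password CHANGE-ME-PLACEHOLDER
 neighbor 192.0.2.1 prefix-list ANNOUNCE-OWN out
 neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
 neighbor 192.0.2.1 maximum-prefix 5
!
! "password" enables TCP MD5 on the session; "maximum-prefix" tears the
! session down if the peer sends more routes than a default-only feed should.
```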

Jeff,

Respectfully, do you see anyone from the big ISPs posting to NANOG complaining about the impact of the routing table size in their DFZ? The big ISPs (e.g. many of them at the top of the 'Aggregation Summary' of the CIDR report) can probably afford the routing table to be twice the size (perhaps, if they're really big, their igp is already carrying twice as many routes...?)

It's the multihomed enterprises, hosting companies, and smaller regional isps who today take advantage of having the full routing table to use, but soon might not be able to afford to, when companies like the OP don't renumber into their new ISP's space when they decide to change provider.

There's some debate in RIPE land right now that discusses, "what actually is the automatic, free, right to PI"? Every other network in the world pays the cost when someone single homes but wants their /24 prefix on everyone else's router. If one had to pay a registry for PI, then small networks would have to think about the negative externalities of their decision to deploy using PI.

Best wishes,
Andy

> multi-homed. AT&T says they'll give us a temporary ASN, and want us
> to do eBGP for our netblock. They sent the technical information over
> today, and they want two distinct routers to act as the bgp peers...

Two different Quagga instances running on different loopback addresses
on the same machine, and that machine being also one of your servers,
would satisfy their demands for two "distinct" routers and yours for
low budget.

Rubens

Andy,

There was some related work on ARIN PPML last year. The rough numbers
suggested that the attributable economic cost of one IPv4 prefix in
the DFZ (whether PI, PA or TE) was then in the neighborhood of $8000
USD per year.

Regards,
Bill Herrin

I haven't seen that work, but I am guessing this number is an aggregate (i.e. every cost to everyone on the 'Net combined), not per-network? See, I'm just looking at that TWO BILLION DOLLARS PER YEAR number and thinking to myself, "um, yeah, right". :)

So, given that there are 27206 ASes in the table (latest CIDR report), that means it costs each AS, on average, less than $0.30/year to accept a prefix. I'm thinking that billing each new network with its own prefix would cost more than $0.30/recipient.

Let's make it easy. Let's say only 8K ASNs actually take a full table. (Rest have partial tables or two defaults or something.) So each network needs $1/year per prefix. I still think the billing infrastructure would cost more than the bill itself.

But then, the telcos have been in that situation for a century. Why shouldn't the Internet follow in their footsteps?

Feel free to explain how confused I am. (But be warned, I am not going to believe it costs $2B/year to run a multi-homed network with two full feeds. :)

> > There was some related work on ARIN PPML last year. The rough numbers
> > suggested that the attributable economic cost of one IPv4 prefix in
> > the DFZ (whether PI, PA or TE) was then in the neighborhood of $8000
> > USD per year.
>
> I haven't seen that work, but I am guessing this number is an
> aggregate (i.e. every cost to everyone on the 'Net combined), not per-
> network? See, I'm just looking at that TWO BILLION DOLLARS PER YEAR
> number and thinking to myself, "um, yeah, right". :)

Patrick,

That was a worldwide total, yes. The cost per prefix per router is
obviously only measured in cents per year.

You do know that Cisco's sales are north of $20B per year, right?
Juniper, which sells few products that aren't DFZ routers, also posts
annual revenues well north of $1B.

> Feel free to explain how confused I am. (But be warned, I am not
> going to believe it costs $2B/year to run a multi-homed network with
> two full feeds. :)

The thread started here:
http://lists.arin.net/pipermail/ppml/2007-September/008927.html
It was originally an argument about the cost of doing PI for IPv6,
which according to Cisco product literature consumes twice the amount
of space in the FIB as routes for IPv4.

I encourage you to critique the numbers and then add them up for yourself.

Regards,
Bill Herrin

Hi,

Out of curiosity was the reasoning also to charge the PA who are
deaggregating?

To restate there are 113,220 extra routes smaller than RIR minimums out
of the /24:126,450 in the table. The today reality seems to be that
113K of that 126K is probably being caused by existing networks
de-aggregating PA.

While I would agree that corporate multihoming with PI has a
huge potential problem on the table in terms of number of prefixes.
Furthermore as BGP skills are becoming more commonplace and
Linux/Quagga skills the barrier to entry for a corporate is reducing at
the same time their commercial reliance on and use of the Internet is
increasing.

Corporate multihoming - if permitted - has the inevitable consequence of
an extra prefix.

PA deaggregation - has the avoidable consequence of lots of extra
prefixes.

I know who I would be charging first and maybe it would give the much
needed incentive for them to clean house. We could then have some number
up to 113K new multihomed corporate before we got back to where we are
today in terms of route table size. An interesting question to gauge
the size of the corporate multihoming potential problem is to guess how
many there may be worldwide that would bother / try - I have no idea.

I believe (possibly wrongly) that IPv6 doesn't really have a solution
for multihoming corporate with multiple allocations and weird shims and
NAT configurations to get it to work - or have the RIRs decided on a
policy change yet and issuing PI blocks of IPv6 as well?

Am I correct on my interpretation of the numbers for PA:PI smaller
prefix origins?

Kind Regards

Ben

William Herrin

> > > There was some related work on ARIN PPML last year. The rough numbers
> > > suggested that the attributable economic cost of one IPv4 prefix in
> > > the DFZ (whether PI, PA or TE) was then in the neighborhood of $8000
> > > USD per year.
> >
> > I haven't seen that work, but I am guessing this number is an
> > aggregate (i.e. every cost to everyone on the 'Net combined), not per-
> > network? See, I'm just looking at that TWO BILLION DOLLARS PER YEAR
> > number and thinking to myself, "um, yeah, right". :)
>
> Patrick,
>
> That was a worldwide total, yes. The cost per prefix per router is
> obviously only measured in cents per year.

I think you mean in tiny fractions of a single cent per router per year. While there are 27K ASes ($0.30/year/AS, remember?), there are many more routers which carry a full table.

> You do know that Cisco's sales are north of $20B per year, right?
> Juniper, which sells few products that aren't DFZ routers, also posts
> annual revenues well north of $1B.

Comparing cisco & Juniper's annual revenue to the cost of a prefix is like comparing Ford & GM's revenue to the cost of bulbs in headlights. Hell, most of cisco's revenue is not even related to routers doing a full table.

Interesting thought experiment. Let's assume _ALL_ $21B of revenue you quote above is routers which can do a full table. The numbers you quote say 10% of that revenue is because of DFZ table size. I was unaware so much cost in a router was just table size. And since we all know that revenue is not all DFZ-capable routers (for instance, how much of that $20B is Linksys?), the %-age is much higher.

Wow, router memory & CPU must be very expensive - and optics must be damned cheap.

Besides the obvious absurdity in this, it contradicts the point I made to your last paragraph.

I guess I'm thinking again: "Um, yeah, right". :)

> > Feel free to explain how confused I am. (But be warned, I am not
> > going to believe it costs $2B/year to run a multi-homed network with
> > two full feeds. :)
>
> The thread started here:
> [ppml] Legacy /24s
> It was originally an argument about the cost of doing PI for IPv6,
> which according to Cisco product literature consumes twice the amount
> of space in the FIB as routes for IPv4.

Heaven forbid it costs each ASN an average of TWO DOLLARS per year. Eventually, since it will be quite a while before the v6 table is 250K prefixes. Hrmm, I take that back. By the time there are 250K v6 prefixes, there will be far, far more ASNs, so the average cost will be less.

Anyway, thanks for the link. I must be missing something seriously important to the calculation. Perhaps it includes things like human time to upgrade equipment or filters or something? I'll see how the calculation was put together.

Ben,

I believe you are correct that PA deaggregation is a huge problem, but some of that could be corporate multi-homing. (I don't know for certain whether it is greater or less than providers just being ninnies.) Lots of companies get a /24 from one upstream and announce it to two or more upstreams. That is, IMHO, a legitimate deaggregation, as opposed to a provider who is just too clueless to aggregate.

But before we go too far down this road, everyone here should realize that new PI space and PA deaggregation WILL CONTINUE TO HAPPEN.

Many corporations paying for Internet access will NOT be tied to a single provider. Period. Trying to tell them "you are too small, you should only let us big networks have our own space" is a silly argument which won't fly.

The Internet is a business tool. Trying to make that tool less flexible, trying to tie the fate of a customer to the fate of a single provider, or trying to force them to jump through more hoops than you have to jump through for the same redundancy / reliability is simply not realistic. And telling them it will cost some random network in some random other place a dollar a year for their additional flexibility / reliability / performance is not going to convince them not to do it.

The number of these coAt least not while the Internet is still driven by commercial realities. (Which I personally think is a Very Good Thing - much better than the alternative.) Someone will take the customer's check, so the prefix will be in the table. And since you want to take your customers' checks to provide access to that ISP's customer, you will have to carry the prefix.

Of course, that doesn't mean we shouldn't be thrifty with table space. We just have to stop thinking that only the largest providers should be allowed to add a prefix to the table. At least if we are going to continue making money on the Internet.

Hi Patrick,

I agree, if anything I am advocating a spanking of those in the clueless
category, thus reducing the table size so that up to 110K more PI space
and corporate multi homing can occur without increasing the table
further than today. Seems like a quick gain in flexibility and
functionality for the corporate customers while curtailing the littering
of those that should know better.

Of course it begs the question when do we run out of AS numbers / PI
space - maybe one of those events would now actually happen before
routers collapse under the weight of route table from corporate
multihoming once we have tidied up the unnecessary PA deag.

Or maybe... we will run out of corporates first! Which would have to be
the best of outcomes, everyone multihomed who wants/needs plus a
manageable route table without having run out of IPs or AS numbers. Or
am I just living in fairy land?

I guess without knowing the size of the wave of corporate foaming out
the mouth to multihome it is difficult to know whether pushing back the
flood of deaggregated PA by 110K is enough to make a serious dent in the
corporate wave or just a ripple to a problem that is too big to ever
solve and enormous route tables are inevitable and 100K extra routes from
PA is neither here nor there at the end of the day???

Has anyone worked out any numbers / projections on this going forwards
into the future?

Ben