(Apologies if this is flogging a dead horse, but some messages are worth
repeating, if for no other reason than to illustrate the down side of
not understanding the proper rationale for CIDR.)
I thought the dead horse was the conclusion that small ISPs should use
whatever means the ARIN rules allow in order to get PI space. Having used
provider-assigned space for a couple years, I can firmly say it
sucks. Even if I had to talk to every tier-1 to get my de-aggregates
accepted, it would be MUCH less hastle than having PA IP space.
And your suggestion has technical deficiencies as well. I have a leased
line between Toronto and Ottawa, so I want to announce my Ottawa IPs to my
Toronto transit provider as well as an Ottawa transit provider. And the
reverse for the Toronto IPs. My understand is trying to punch holes in PA
space is much more difficult than de-aggregating ARIN PI space.
-Ralph
I can't really see why, as long as the provider has punched the
appropriate hole for your aggregate in their filters. More specific
routes always win out. Or am I missing your point?
James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
If the block isn't assigned to you by ARIN, I've encountered cases where
network operators request an LOA before accepting the announcement, even
if there is an RADB entry for it. As well, if you have PA space and your
upstream allocates you a 66.x for example, then you're back to square one.
-Ralph
RADB is largely meaningless, in terms of authorization or authority to
advertise. However, if you have a properly delegated SWIP entry for the
block, few providers will request LOA. Those who do, should probably be
avoided.
I still like the idea of using the DNS system for this, since there are
already authoritative reverse delegations. (i.e. AS to IP block mapping)
- Daniel Golding
Daniel Golding wrote:
RADB is largely meaningless, in terms of authorization or authority to
advertise. However, if you have a properly delegated SWIP entry for the
block, few providers will request LOA. Those who do, should probably be
avoided.
Largely? I like to see the SWIP, but it's not always provided.
Regardless, I want to see an announcement originating from my customer
directly to the owner of the block. De facto authorization.
[...]
Peter E. Fry
How's THIS for Verio arrogance, going to a whole new level:
http://www.monkeys.com/anti-spam/filtering/verio-demand.ps
Details were on the SPAM-L list Wed, 17 Jul 2002 15:51:05 EDT:
Verio threatens to sue Ron Guilmette over the IP 208.55.91.59
appearing on his FormMail.pl open-proxy/formmail server DNSBL.
And given the ever-increasing number of spammers now hopping onto Verio
tells me that Verio must be well down the spiral of death (spammers seem
to be attracted by NSP's going chapter 7/11, or who are getting close),
or else the dozen-or-so automated messages going to abuse@verio.net every
week complaining about connections (real or attempted) to hosts under
my control, and originating from their spamming customers would have shown
any results over time.
I don't need connectivity to 208.55.0.0/16. I really don't, and I have not
the slightest tolerance for litigious, small-minded, panic-lawyer-dialling
scum like this.
/etc/mail$ grep 208.55 access.local
208.55 550 Access for FormMail spam and litigious scum denied - XXXX Verio in their XXXXXXXX XXX - we block more than just 208.55.91.59 - Spammers must die - see http://www.monkeys.com/anti-spam/filtering/verio-demand.ps
/etc/mail$
PS: I also have zero tolerance for Nadine-type spam-generating, "single-opt-in",
"87% permission-based" emailers nowadays: 2 bounces or a single mail to a
never-existing account, and all your /24's are off into gated.conf as a
next-hop route to 127.0.0.1. And no, they won't get around that by advertising
/25's.
Good-bye route-prefix-filtering wars, and welcome to the war on spam,
where Null0'd /28's for filtering 'undesirables' just doesn't cut it any more.
Casualties like 10-15 bystanding rackspace.com customers with a "Nadine-
type" mailer in neighboring IP space be damned: "move your servers into a
different slum, cause da landlord's running down 'da neighborhood".
How is it arrogant?
I read that as: a customer set up an exploitable FormMail. Verio
received notice about it. Verio removed the FormMail in question. Verio
asked to be removed since they corrected the problem. Verio was ignored.
Verio may have some problems with not terminating spammers, and I
believe this to be the truth -- I buy from verio, and Don't spam, and
whenever one of my clients spam, they get terminated for it. I receive
plenty of spam from verio ips, and no matter how much I complain, it
never gets terminated. This is probably a scenario of asking sales rep
"If I want to spam, but I pay more per meg -- Is this OK?" and getting
a positive answer.
That is why the NANAE people don't like verio. But, nonetheless, I
don't think that putting verio's mailserver on a formmail list is
accomplishing anything good, since they fixed THAT problem...
--Phil