Verio Peering Question

I have a quick question about Verio's public peering policy. What is the smallest size prefix that Verio will accept from public peering? The reason why I ask is because my company informed me that Verio will not accept anything from a Class A address with a prefix smaller than a /20 from pubic peering. Is that true? If so, how do small ISP's work around this?

Peter Rohrman
Network Engineer
Un-Named ISP

Verio's prefix filtering and public peering policy are unrelated to
each other.

Here is Verio's prefix filter policy.

http://info.us.bb.verio.net/routing.html#PeerFilter

-dorian


From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of P R
Sent: Thursday, September 27, 2001 3:15 PM
To: nanog@merit.edu
Subject: Verio Peering Question

<SNIP>

> anything from a Class A address with a prefix smaller than a /20 from pubic
> peering.

Some of us don't accept anything from strange pubic peering ...

:)

>I have a quick question about Verio's public peering policy. What is the
>smallest size prefix that Verio will accept from public peering? The reason
>why I ask is because my company informed me that Verio will not accept
>anything from a Class A address with a prefix smaller than a /20 from pubic
>peering. Is that true? If so, how do small ISP's work around this?

The same way they did when Sprint filtered.

If you have less than a /20, you are getting IP space from one of your upstreams. The upstream announces the larger CIDR, Verio hears it, and sends the traffic there. This happens even if it would be "better" for Verio to send it to your other upstream.

People have argued that this hurts performance on Verio's network. It also eliminates the smaller ISP's ability to control traffic flows. (e.g. You have a T1 to Provider-A, who gives you space, and you prepend heavily; you have a DS3 to Provider-B, and do not prepend. Verio will send the traffic to Provider-A.)

Randy (now at AT&T, I believe) and others claim this does not hurt performance and that it is bad to accept small announcements. Arguments include points like the routers cannot handle that many announcements, smaller providers flap more, etc., etc.

Of course, networks much larger than Verio (e.g. UUNET) accept /32s from their customers, as well as send and accept as small as /24s from peers. No other network seems to have a problem with the extra announcements. Verio cannot explain why these larger networks can accept small announcements and still run a network as well (or better) than Verio, but Verio insists networks should not accept small announcements.

One can make one's own judgement what this says about Verio's ability to run a network.

Oh, one other point - Verio accepts smaller announcements from their customers - and propagates them. I guess Verio agrees that other people can run networks with all the extra announcements, even if Verio themselves cannot.

Personally, I think everyone should filter on /20s and longer - but ONLY FROM VERIO. (I suggested this same thing when Sprint was applying ACL 112.) Wonder how long Verio would continue to filter if even a few major networks filtered Verio's announcements.

In the end, though, it does not really matter. As long as you have the larger CIDR being announced by someone, you will get the traffic in all but the most unusual circumstances. (I can think of some, but they really are not "normal".) You may have poor performance from Verio, but that might happen anyway....

When I applied for a /21 from one of my upstreams (Sprint, in this case),
they initially allocated a /21 out of former Class A space. A phone call
and about 20 minutes later, they switched it to a /21 from 208/8.
According to Verio's policy:

In the traditional Class C space (i.e., 192/3), we accept /24 and shorter

As far as I know, nobody major is filtering /21-/24 from Class C or the
swamp...

James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am

> Randy (now at AT&T, I believe) and others claim this does not hurt
> performance

...

> Of course, networks much larger than Verio (e.g. UUNET) accept /32s from
> their customers, as well as send and accept as small as /24s from peers.
> No other network seems to have a problem with the extra announcements.

  ^^^^^^^^^^^^^^^^

> Verio cannot explain why these larger networks can accept small
> announcements and still run a network as well (or better) than Verio, but
> Verio insists networks should not accept small announcements.

Many other networks filter, some to the same extent. Few
post public policies. Few people are as vocal as Randy about
it, and he's moved on from Verio. Given he's still vocal
about it, and Verio still filter, either he's a very believable
crank, or he has a point, and has been trying to educate you
for free. You choose.

> One can make one's own judgement what this says about Verio's ability to
> run a network.

I'd be making the judgement once I'd looked at performance and
reliability stats. I'd also, as a customer, be keen to look at
pricing to the customer, and as an investor or customer interested
in long term survival of a supplier, at Capex expended to achieve
whatever service level was given. On what would you be basing
your judgement?

I don't think anyone has ever claimed (Randy included)
that filtering out long prefixes never hurts performance /to
those long prefixes/. Just that the usage of those long
prefixes is small, the effect is often small, and the NET
effect (i.e. on performance to all prefixes) is often improved,
AND the 'public good' effect, in terms of encouraging
CIDR and discouraging disaggregation has benefits for
the global routing table, for everybody, in terms of
reduction of cost (nice statistical demonstration at
last IETF Ptomaine session - please refer to 'belling
the cat' problem).

Are you going to present statistical data to the contrary?

>> No other network seems to have a problem with the extra announcements.
>   ^^^^^^^^^^^^^^^^
>> Verio cannot explain why these larger networks can accept small
>> announcements and still run a network as well (or better) than Verio, but
>> Verio insists networks should not accept small announcements.
>
>Many other networks filter, some to the same extent. Few
>post public policies.

Every network I know filters - on /24s and longer (and one did /25s last time I looked). No network I know filters to the extent Verio does.

And *every* network gives hints to their policy - they announce prefixes. Looking in a publicly available route server, I can see /24s from classical A space being accepted from peers in the announcements of the following networks (in no particular order):

   * UUNET
   * Sprint
   * Genuity
   * Concentric (2828 - 4908 does not appear to give transit)
   * Above.Net
   * Exodus
   * L3
   * Qwest
   * AT&T (both AGNS & 7018)
   * Teleglobe
   * GC
   * EBONE

There are other networks out there, but I think this proves that most networks of approximately Verio's size (and all of the networks larger than Verio, methinx) do not filter as Verio does.

>Few people are as vocal as Randy about
>it, and he's moved on from Verio. Given he's still vocal
>about it, and Verio still filter, either he's a very believable
>crank, or he has a point, and has been trying to educate you
>for free. You choose.

I am afraid you have forgotten many, many other possible answers to those two premises. For instance, Randy could be an un-believable crank, and Verio has just not gotten around to un-doing his previous policies? Telcos (especially Japanese telcos) move slowly.

As for education, I would like to thank Randy - and you - for all the education I can get. Lord knows I do not know it all (despite what I sound like sometimes :). I simply choose to disagree on this point. And I am not alone - notice the list of networks above.

Then again, perhaps every one of them is wrong, while Randy & Verio are right? (Of course, this begs the question why AT&T, where Randy works, and XO, where you work, do not filter as Verio does? Perhaps US telcos move slowly too? :)

>> One can make one's own judgement what this says about Verio's ability to
>> run a network.
>
>I'd be making the judgement once I'd looked at performance and
>reliability stats. I'd also, as a customer, be keen to look at
>pricing to the customer, and as an investor or customer interested
>in long term survival of a supplier, at Capex expended to achieve
>whatever service level was given. On what would you be basing
>your judgement?

Good point. Please note Verio's latest financial announcements. They may be owned by NTT, but losing > 3/4 of a billion dollars on less than half of that in revenue does not bode well, even for a company as big as NTT.

Also, please note the financial health of other networks which do not filter, e.g. UUNET. Or better yet, how about the financial health of a network who used to filter but does not any longer, e.g. Sprint.

Seems to me Verio should stop filtering.

As for performance, we can all argue about that forever. I would pick UUNET over Verio, but that's me. I'd ask for a vote, but it would only start an even bigger flame war. Let's just let the performance thing be decided by each person individually.

>I don't think anyone has ever claimed (Randy included)
>that filtering out long prefixes never hurts performance /to
>those long prefixes/. Just that the usage of those long
>prefixes is small, the effect is often small, and the NET
>effect (i.e. on performance to all prefixes) is often improved,
>AND the 'public good' effect, in terms of encouraging
>CIDR and discouraging disaggregation has benefits for
>the global routing table, for everybody, in terms of
>reduction of cost (nice statistical demonstration at
>last IETF Ptomaine session - please refer to 'belling
>the cat' problem).
>
>Are you going to present statistical data to the contrary?

[SNIP]

I actually wrote a response to this. However, I doubt you would care. So how about this for a counter argument: You win. All those other networks are completely clueless, and every network should filter.

Fortunately, I do not run a network any more, so everyone can dismiss me as a crank. (Although I still think it would solve the problem very quickly if everyone filtered *just* Verio. :)

[I'll probably regret wading in, but....]

> I am afraid you have forgotten many, many other possible answers to those
> two premises. For instance, Randy could be an un-believable crank, and
> Verio has just not gotten around to un-doing his previous policies? Telcos
> (especially Japanese telcos) move slowly.

Verio is an ISP, not a telco.

> Then again, perhaps every one of them is wrong, while Randy & Verio are
> right? (Of course, this begs the question why AT&T, where Randy works, and
> XO, where you work, do not filter as Verio does? Perhaps US telcos move
> slowly too? :)

I find that in life, it is difficult to make monolithic stances based on
one principle or another, no matter how correct that stance is in
theory. There are always extenuating circumstances that make one
modify one's response to things, and reasonable people change as
circumstances change around them.

If Verio ever changes its route filtering policy, that won't mean
that it stopped being the right thing[tm] to do. It will probably just mean
that the overall cost of implementing the right thing[tm] may have become
too high to maintain. Same would be true for some of the other networks that
filtered and stopped.

You make an assumption that other major backbones that don't filter as
Verio does think that doing so is a bad idea. That assumption is
not necessarily true.

I've heard many complaints of Sprint's prefix filtering policy, but never
from another major backbone providers. If anything, many thanked Sprint
for the public service Sprint provided, and wished they do the same.

I've yet to hear another backbone operator complain about Verio's prefix
filtering policy either.

I think it's a fairly well known fact that engineers do not solely run
companies. Even if something is the best thing to do from engineering
perspective does not mean that other factors, such as legal, sales and
marketing may not modify the outcome. I know this is North American
Network _Operators_ Group, but sometimes it's useful to think of
the rest of the world.

The networks that filtered aggressively did so in the past because they
thought it was the right thing to do, both for their network and customer
base after taking every factor into consideration. There was also the
consideration of public service that this was doing for the rest of
Internet. As circumstances changed, the factors that went into
decision processes shifted, and expression of those decisions changed
and some decided that it wasn't worth it anymore.

Aside from the theories of routing table entropy and high principles,
as well as realities of bleak future of global Internet routing on
its current vector, there is another facet of this complex problem
to consider that people should take into consideration.

Global routing system is a fragile thing. There are no good existing
ways of authenticating and authorising origin of prefixen.

This periodically causes suboptimality in Internet's control plane,
such as the 128/9 incident. Those networks that filtered as Verio does
were not affected internally by that incident. Those who didn't suffered.

There are no ideal solutions for those types of problems. All of the
solutions have major flaws, and prefix filtering based on RIR
allocation boundaries protects a network from a subset of them.

Until we have mechanisms to protect our networks better, there will
always be issues with any solution(s) chosen.

Before anyone asks, IRR based filtering of peers has been tried. Given
existing software implementations, this does not scale, even if you
ignore the garbage in garbage out issue of the problematic information
source.

> P.S. You never did address why Verio preaches one thing and practices
> another. Neither has Randy to my knowledge (other than to say "if you are
> dumb enough to take them" or something like that). Is hypocrisy an
> official policy at Verio?

It would be nice if people knew history better. It saves people from having
to repeat old explanations from old days over and over again.

Please see smd's rationale for acl 112 on nanog and other fora archives
circa 1996.

-dorian

> I don't think anyone has ever claimed (Randy included)
> that filtering out long prefixes never hurts performance /to
> those long prefixes/. Just that the usage of those long
> prefixes is small, the effect is often small, and the NET
> effect (i.e. on performance to all prefixes) is often improved,
> AND the 'public good' effect, in terms of encouraging
> CIDR and discouraging disaggregation has benefits for
> the global routing table, for everybody, in terms of
> reduction of cost (nice statistical demonstration at
> last IETF Ptomaine session - please refer to 'belling
> the cat' problem).
>
> Are you going to present statistical data to the contrary?

<http://psg.com/~rand/010809.ptomaine.pdf>

randy

>> I don't think anyone has ever claimed (Randy included)
>> that filtering out long prefixes never hurts performance /to
>> those long prefixes/. Just that the usage of those long
>> prefixes is small, the effect is often small, and the NET
>> effect (i.e. on performance to all prefixes) is often improved,
>> AND the 'public good' effect, in terms of encouraging
>> CIDR and discouraging disaggregation has benefits for
>> the global routing table, for everybody, in terms of
>> reduction of cost (nice statistical demonstration at
>> last IETF Ptomaine session - please refer to 'belling
>> the cat' problem).
>>
>> Are you going to present statistical data to the contrary?
>
><http://psg.com/~rand/010809.ptomaine.pdf>

Not Found
The requested URL /~rand/010809.ptomaine.pdf was not found on this server.

Sorry. :(

try a little harder -

http://psg.com/~randy/010809.ptomaine.pdf

Lucy E. Lynch Academic User Services
Computing Center University of Oregon
llynch@darkwing.uoregon.edu (541) 346-1774
Cell: (541) 912-7998 5419127998@mobile.att.net

] ><http://psg.com/~rand/010809.ptomaine.pdf>

Add the "y"

http://psg.com/~randy/010809.ptomaine.pdf

<http://psg.com/~rand/010809.ptomaine.pdf>

                        ^y

http://psg.com/~randy/010809.ptomaine.pdf

sorry

* Thus spake Patrick W. Gilmore (patrick@ianai.net):

[snip]

> Oh, one other point - Verio accepts smaller announcements from their
> customers - and propagates them. I guess Verio agrees that other people
> can run networks with all the extra announcements, even if Verio themselves
> cannot.

The rationale stated in past threads is that Verio's customers pay for this
service. Non-customers are not paying Verio for anything therefore they do
not choose to accept the more specific announcements from other providers.

Other providers have not taken this stance as shown by the list of those
that accept more specifics from peers.

cheers
-cp

>> I am afraid you have forgotten many, many other possible answers to those
>> two premises. For instance, Randy could be an un-believable crank, and
>> Verio has just not gotten around to un-doing his previous policies? Telcos
>> (especially Japanese telcos) move slowly.
>
>Verio is an ISP, not a telco.

Verio is owned by a telco, but to be honest, I like your definition better. So I will concede the point and apologize for my misstatement.

>You make an assumption that other major backbones that don't filter as
>Verio does think that doing so is a bad idea. That assumption is
>not necessarily true.

I am sorry, I should not have implied that since many other networks were not doing it then the engineers there believe it is the "Right Thing". Allow me to re-phrase:

I submit that every major backbone I can find (except Verio) accepts /24s from their peers in classical A space as proof that most, if not all, backbones of approximately Verio's size, and all backbones larger than Verio, do not filter as Verio does. I suggest that if every engineer, or even a large majority of them, believed strongly that filtering was "The Right Thing", at least some of the other backbones would filter.

While I could be wrong, one certainly cannot argue that just because political reasons *could* force engineers to configure networks against their will, that this *did* happen. Barring further evidence, Occam's Razor would, I think, support my view.

If you have further evidence, please feel free to educate me. I certainly am not privy to the opinions of as many engineers at major backbones as you, Randy, and Alex are.

>I've heard many complaints of Sprint's prefix filtering policy, but never
>from another major backbone providers. If anything, many thanked Sprint
>for the public service Sprint provided, and wished they do the same.
>
>I've yet to hear another backbone operator complain about Verio's prefix
>filtering policy either.

I have heard such complaints, to both. I am sorry you have not.

Perhaps the others simply did not wish to challenge you because of your stature in the industry. Perhaps they did not want to start a confrontation. Perhaps like minded people hang out together, so I hear a different view than you do.

Whatever the reason, I have heard engineers opine that filtering is not The Right Thing. Not that that proves anything, any more than you not hearing the dissenting opinion proves anything.

Either way, I believe the fact the Internet is and has been working for many years without even a significant minority of major backbones filtering shows that "not filtering" is at least not the end of the world.

>Global routing system is a fragile thing. There are no good existing
>ways of authenticating and authorising origin of prefixen.

Filtering does not solve this problem, although it may alleviate some symptoms for some failure modes.

>This periodically causes suboptimality in Internet's control plane,
>such as the 128/9 incident. Those networks that filtered as Verio does
>were not affected internally by that incident. Those who didn't suffered.

There are many "good" things which filtering prohibits, such as a large backbone accidentally announcing the wrong prefix, and a small network deaggregating to gain control of its own IP space. I have been involved in this more than once personally, and getting a large backbone (e.g. Verio) to even listen to your complaint that they are announcing your /20 is pathetically difficult, especially when you are not a customer. Getting them to fix it is monumental. I would rather deal with two telcos claiming the other is the problem with my circuit - at least they both admit there is a problem!

I also submit that this type of problem happens many orders of magnitude more often than the type you mention.

>> P.S. You never did address why Verio preaches one thing and practices
>> another. Neither has Randy to my knowledge (other than to say "if you are
>> dumb enough to take them" or something like that). Is hypocrisy an
>> official policy at Verio?
>
>It would be nice if people knew history better. It saves people from having
>to repeat old explanations from old days over and over again.

It would be nice if you did not simply assume people are not aware of the history.

>Please see smd's rationale for acl 112 on nanog and other fora archives
>circa 1996.

I have read Sean's argument, and discussed it with him personally. Stating that your customers pay you so you will accept longer announcements is fine, but neither Sprint nor Verio pays their peers to accept those longer announcements, so they should not propagate them. It is trivial to accept longer announcements from your customers than you pass to your peers.

Plus, I maintain it is hypocritical to argue that the Internet will collapse if networks do not filter because aggregation is absolutely necessary, while simultaneously accepting and passing longer announcements, whether you are paid to do it or not.

Sprint's acceptance of long announcements from customers while filtering them from peers did less to foster aggregation than it did to help Sprint get customers who wanted to announce longer prefixes. (To be honest, I do not think Verio is getting the same advantage, but I could be wrong.)

And arguing that since everyone should filter it does not matter what you announce is not an argument, it is a poor rationalization for hypocrisy.

Plus the fact that Sprint only filtered (still filters?) their customers on AS_PATH creates much more danger & instability to the global table than filtering on longer prefixes. Another glaring hypocrisy.

***** *****

Listen, Dorian, you are a bright guy, and so is Randy, and so is Alex. But clued or not, claiming something is "The Right Thing [tm]" does not make it so.

Filtering is nice in theory, but it misses some basic requirements of the Internet today.

The Internet is a tool, a means to an end. It is no longer a research project by academics, nor is it a personal toy of a privileged few who happen to run large backbones.

The Internet is where it is today because people pumped billions of dollars into it. (Mostly to get pr0n. :) Many of these people require robust, high performance connectivity to the Internet, which can best be guaranteed through multiple connections to multiple providers. And they are willing to pay for it.

Providers who ignore these requirements do so at their peril.

If you have a better way for people to get robust, high performance connections, please submit it. I do not think filtering is bad because I had a vision from ghod, I think it is bad because it does not let the people paying for all these nice toys, and pushing all these 100s of Gbps, do what they want to do. Do what they NEED to do if we are to continue having an Internet.

You can argue that they want what is bad for them, and you may be right. But I argue that requiring smaller companies and providers to have a single connection will cause them more downtime and worse performance than allowing the global table to fill with the longer announcements.

History so far seems to be on my side. The statistics Randy quotes do not prove his case, they merely say growth will be slower, so he can keep up. Many companies believe they can keep up with the faster growth. I suggest that any provider which limits itself enough so it can slow the growth will not have to worry about any type of growth for long....

> Plus, I maintain it is hypocritical to argue that the Internet will collapse
> if networks do not filter because aggregation is absolutely necessary,
> while simultaneously accepting and passing longer announcements, whether
> you are paid to do it or not.

  I do not see any hypocrisy here, except perhaps your own. Verio's
publicly stated position in the past has been:

  *) Verio will accept prefixes that meet a certain criteria from the
  world, and they will accept and propagate the prefixes that their
  customers pay them to accept, however, they do not guarantee to
  their customers that OTHER people will accept those prefixes.

  Sure, they filter, but they invite THEIR peers to filter them, as
well. I don't see any hypocrisy in that.

> And arguing that since everyone should filter it does not matter what you
> announce is not an argument, it is a poor rationalization for hypocrisy.

  How can you rationalize something away when it does not exist?
If Verio filtered their peers, but not their customers, and then demanded
that everyone else accept all of their customer prefixes, that might be
hypocritical. Since they don't, I don't see a problem here.

> Listen, Dorian, you are a bright guy, and so is Randy, and so is Alex. But
> clued or not, claiming something is "The Right Thing [tm]" does not make it so.

  Patrick, neither does claiming that such filtering /isn't/ "The Right
Thing." And I find your prior argument that filtering is hurting the
business of Verio as completely laughable -- clearly the open filtering policy
is what made providers such as Priori and Onyx (USA) such a success. Someone
with your, shall we say, `colorful' job history should be well aware that
engineering policy has little to do with the success or failure of an ISP.

> The Internet is where it is today because people pumped billions of dollars
> into it. (Mostly to get pr0n. :) Many of these people require robust,
> high performance connectivity to the Internet, which can best be guaranteed
> through multiple connections to multiple providers. And they are willing
> to pay for it.

  And the people who pumped billions of dollars into it are welcome
to protect their assets, their network, and their customers as they choose.
I do not yet have the ego required to claim that Verio's--or anyone's
equipment is in the public domain.

> Providers who ignore these requirements do so at their peril.

  Again, please either put a retread on this tired business argument
or drop it, it's wearing a bit thin.

> If you have a better way for people to get robust, high performance
> connections, please submit it. I do not think filtering is bad because I
> had a vision from ghod, I think it is bad because it does not let the
> people paying for all these nice toys, and pushing all these 100s of Gbps,
> do what they want to do. Do what they NEED to do if we are to continue
> having an Internet.

  Doesn't it? Filtering does not prevent these people from doing
what they wish. It simply establishes guidelines for how they do it.
There is -no difference- between filtering on /25-and-longer and
filtering as Verio does. The former modifies behavior by asking that
people refrain from announcing anything smaller than a /24. The
latter simply filters prefixes based on registry allocation policy.

> You can argue that they want what is bad for them, and you may be
> right. But I argue that requiring smaller companies and providers to have
> a single connection will cause them more downtime and worse performance
> than allowing the global table to fill with the longer announcements.

  How does this require that they single-home? I have no idea
where this paragraph came from, but in the context of this post, I
guess that's not a new feeling.

  --msa

If filtering is "saving the Internet," why not practice what you preach?

It's a bit like complaining about polluted rivers, but continuing to
dump raw sewage into the river because that's what your customers
pay you to do. And saying other water systems can filter the water
if they don't like it.

> Sure, they filter, but they invite THEIR peers to filter them, as
>well. I don't see any hypocrisy in that.

I am sorry you do not. How about we agree to disagree?

I do, however, agree that all their peers should take them up on their invitation and filter Verio, but only Verio.

How much would you like to bet that if every backbone, or even just a few major ones, filtered Verio (and only Verio) as Verio suggests, that Verio would stop filtering and ask them to stop filtering? I would put $1,000 on it right here and now, publicly. (Since you mention my job history below, you know I am not an Internet millionaire, so you know this is not an insignificant amount of money for me.)

Then again, I can see from below that you obviously do not understand the implications of this filtering policy.

> Patrick, neither does claiming that such filtering /isn't/ "The Right
>Thing." And I find your prior argument that filtering is hurting the
>business of Verio as completely laughable -- clearly the open filtering policy
>is what made providers such as Priori and Onyx (USA) such a success. Someone
>with your, shall we say, `colorful' job history should be well aware that
>engineering policy has little to do with the success or failure of an ISP.

Thank you for your support. At least you did not try to imply that my previous networks died because I could not engineer them properly. But that is not really the issue here.

>> The Internet is where it is today because people pumped billions of dollars
>> into it. (Mostly to get pr0n. :) Many of these people require robust,
>> high performance connectivity to the Internet, which can best be guaranteed
>> through multiple connections to multiple providers. And they are willing
>> to pay for it.
>
> And the people who pumped billions of dollars into it are welcome
>to protect their assets, their network, and their customers as they choose.
>I do not yet have the ego required to claim that Verio's--or anyone's
>equipment is in the public domain.

I was not claiming that.

>> If you have a better way for people to get robust, high performance
>> connections, please submit it. I do not think filtering is bad because I
>> had a vision from ghod, I think it is bad because it does not let the
>> people paying for all these nice toys, and pushing all these 100s of Gbps,
>> do what they want to do. Do what they NEED to do if we are to continue
>> having an Internet.
>
> Doesn't it? Filtering does not prevent these people from doing
>what they wish. It simply establishes guidelines for how they do it.
>There is -no difference- between filtering on /25-and-longer and
>filtering as Verio does. The former modifies behavior by asking that
>people refrain from announcing anything smaller than a /24. The
>latter simply filters prefixes based on registry allocation policy.

Actually, there is a difference.

>> You can argue that they want what is bad for them, and you may be
>> right. But I argue that requiring smaller companies and providers to have
>> a single connection will cause them more downtime and worse performance
>> than allowing the global table to fill with the longer announcements.
>
> How does this require that they single-home? I have no idea
>where this paragraph came from, but in the context of this post, I
>guess that's not a new feeling.

Please read Randy's documents. They explain it quite clearly.

I shall try to summarize. A company or small provider can easily get a /24 from their upstream by simply claiming they want to multi-home, even if they do not need 256 IP addresses. A company or small provider cannot get a /20 from ARIN or RIPE or APNIC by claiming they need to multi-home. The registries only hand out allocations based on IP need; they state quite clearly that you should get smaller allotments from your upstream.

So, say I am a small company with 50 or so employees, and I rely very, very heavily on my internal web server for my business. I have a few options:
  * I can place my server at a colocation house, which would put me completely at the mercy of that colocation house.
  * I can put my web server here in my office and get a single link to the Internet, which puts me completely at the mercy of that physical line and single provider.
  * I can multi-home.

(Probably the best option would be to put the box at a colocation house like Above.Net which allows me to pull in a line from another provider, while also providing me with all the backup & security of a colocation facility instead of a standard business-class building. But that still requires me to multi-home.)

Because of my small need for IP space, none of the IP registries will give me my own /20 (or whatever). However, ARIN will not complain if one of my upstreams SWIPs a /24 to me, even if I do not require an entire /24. I announce that /24 to both my upstreams.

If that /24 is filtered by all backbones, my second connection to the Internet is essentially useless, a waste of money.

Also, please note that if all backbones filtered Verio - and only Verio - as Verio suggests, then anyone announcing a /24 into Verio from the space of another provider would be wasting their money. If the link to the other provider were to fail, the customer would receive no traffic from anywhere on the Internet, except Verio and Verio customers. While this is not a trivial amount of the Internet, it is still a small fraction of the Internet. (This is why I believe Verio would stop filtering if everyone filtered only Verio.)

Do you now understand why "filtering == forcing small providers / businesses to single home"? If anything was not clear, please contact me off list and I shall try to explain further.

Again, I and many other people are open to alternatives. Whenever I bring this argument up to Randy (and some others), he tells me that these smaller people do not need to multi-home, or that they are not big enough to matter. Kinda arrogant if you ask me, especially considering some of these people (including Randy) used to do the opposite of what they now preach, back before they were "tier 1" providers.

I also submit that these small companies & providers are big enough to matter, at least in aggregate. A large amount of traffic (and money) comes from these types of providers & businesses. If there were not that many of them, it would not make a difference to the global table.

Then again, I can see from below that you obviously do not understand the
implications of this filtering policy.

-snip-

Because of my small need for IP space, none of the IP registries will give
me my own /20 (or whatever). However, ARIN will not complain if one of my
upstreams SWIPs a /24 to me, even if I do not require an entire /24. I
announce that /24 to both my upstreams.

If that /24 is filtered by all backbones, my second connection to the
Internet is essentially useless, a waste of money.

-snip-

Do you now understand why "filtering == forcing small providers /
businesses to single home"? If anything was not clear, please contact me
off list and I shall try to explain further.

  Actually, it seems to me that your argument is that ARIN/RIPE/APNIC
policy prevents people from multihoming. In the past, when new allocations
have been opened or allocation policy has been redefined (say, from /19 to
/20), Verio's filters have changed accordingly.

  If the regional registry's policy is the problem, fix that policy,
and I think that you'd find Verio's filters would also change. Randy has
stated on more than one occasion (back when he worked for Verio) that he
would listen to loose /24's within the proper ranges if the registries
would develop a workable microallocation policy.

  Blaming Verio for the RIR's allocation policy simply does not make
sense.

  --msa
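
The route-selection effect argued over in the messages above, as an added example that is not part of the thread: a backbone that drops prefixes longer than /20 only ever sees Provider-A's aggregate, so the customer's prepending and link state no longer influence where it sends traffic. The /20 cut-off is taken from the original question; the RFC 1918 prefixes, AS-path lengths and prepend count are constructed assumptions.

```python
import ipaddress

# Constructed scenario (assumptions, not values from the thread except the /20 cut-off)
MAX_ACCEPTED_LEN = 20                               # filter drops prefixes longer than /20
AGGREGATE = ipaddress.ip_network("10.20.0.0/16")    # Provider-A's registry allocation
CUSTOMER = ipaddress.ip_network("10.20.30.0/24")    # /24 SWIPed to the customer by Provider-A
PREPENDS_ON_A = 3                                   # customer prepends toward Provider-A


def announcements(link_a_up, link_b_up):
    """Routes a remote backbone is offered: (prefix, neighbour, AS-path length)."""
    routes = [(AGGREGATE, "Provider-A", 1)]         # A always originates its aggregate
    if link_a_up:
        routes.append((CUSTOMER, "Provider-A", 2 + PREPENDS_ON_A))
    if link_b_up:
        routes.append((CUSTOMER, "Provider-B", 2))
    return routes


def accepted(routes, filtering):
    """Apply the length filter on import, if the backbone filters at all."""
    if not filtering:
        return list(routes)
    return [r for r in routes if r[0].prefixlen <= MAX_ACCEPTED_LEN]


def egress(dst, link_a_up, link_b_up, filtering):
    """Neighbour the backbone hands traffic for dst to: longest match, then shortest path."""
    addr = ipaddress.ip_address(dst)
    table = accepted(announcements(link_a_up, link_b_up), filtering)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    _prefix, neighbour, _length = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return neighbour


if __name__ == "__main__":
    server = "10.20.30.10"  # constructed address of the customer's web server
    for a_up, b_up in [(True, True), (False, True), (True, False)]:
        for filtering in (False, True):
            print(f"A up={a_up} B up={b_up} filtering={filtering} ->",
                  egress(server, a_up, b_up, filtering))
```

With filtering on, every case resolves to Provider-A; when the link to Provider-A is down, delivery then depends on Provider-A itself carrying the /24 it learns through Provider-B, which this model does not represent.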