Evening all. This is a little long, ignore if you don't have an interest in the exchange in Wellington.

On Thu, 17 Aug 2000, James Tyson wrote:
So, let me get this straight. He gets troubles when he receives routes from you directly, and then again via the route server?
Yeah. Turns out he's running some horrible system based on gated.
Righto, so we're moving from "we're not peering coz the route servers are broken" to "we're not peering coz we don't trust what comes from the route servers"? That's all good, we've had these discussions before, and doubtless we'll have them again.
What we have been doing in the past (and what we are doing now, for that matter) is to add our routes into the mix, but not learn anything from the route reflectors.
Indeed. Mighty prudent strategy.
I cannot allow routes from unknown and untrusted sources to be injected into my AS unless stringent measures are undertaken on your part to ensure the sanity of said advertisements.
I will however allow our network to learn routes from you if you are able to give documented evidence that every route is under the strict control of the WIX.
Here's the state of the WIX, as it's currently run. The WIX route servers peer with about 35 other routers, about half of which are on private ASN, and the rest have public AS numbers.

Arbitrarily, I assume that the users of private ASN are inept, and therefore I require that they give me a manual list of prefixes they're going to announce, with which I filter their incoming announcements. Equally arbitrarily, I assume that organisations that have gone to the trouble of obtaining their own public ASN have a certain degree of clue, and therefore I don't require that they give me a list of prefixes before peering, although if they do provide a prefix list I'll gladly filter their announcements with it. Generally, all new peers added since about the start of this year have provided prefix lists, and are being filtered.

I'm aware that this sounds random, and insecure, but historically, all care, no responsibility has been the only way Citylink staff could run the route servers, given the limited time resources available to us. On the whole, it's worked pretty well, for a fairly organic construct.

So, at this stage, I can provide an accurate list of the prefixes being originated from 9439, the Citylink AS (all private ASN get reoriginated from 9439 as they pass through the route server), and if anybody wants that list, I'll gladly provide. For the majority of the other ISPs that advertise through the WIX route servers I don't currently know what they're announcing, so you should treat them with whatever level of scepticism you like. OTOH, I guess you could contact the administrators of these ASN directly (all the usual suspects :-), and find out what they're sending to the route servers, and filter for that.
That being said, I'll soon be working full time for Citylink, and will have more time for documenting and managing the route reflectors, including getting and publishing authoritative lists of all the prefixes WIX peers plan to advertise, possibly by hand, or possibly through the RADB or similar. I suspect this'll be a gradual process, as always.
In an effort to help, I am willing to send you a prefix-list of Xtra's networks.
Sure, that'd be a grand way to start. If anybody else wants to send me their list of prefixes that they're sending to the route servers, then I'll add them to the list of prefixes we announce.

Cheers
Si
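
The per-peer filtering policy described in the message, as an added example that is not part of the original post and not Citylink's route-server configuration: private-ASN peers must register a prefix list, public-ASN peers are filtered only if they supplied one, and private-ASN routes appear re-originated from 9439. Exact-match filtering, the peer ASNs and the prefixes are assumptions constructed for illustration; only AS 9439 comes from the message.

```python
import ipaddress

# 16-bit private-use ASNs (RFC 6996); 32-bit ASNs postdate the message.
PRIVATE_ASNS = range(64512, 65535)
ROUTE_SERVER_ASN = 9439  # the Citylink AS named in the message


def is_private_asn(asn):
    return asn in PRIVATE_ASNS


def filter_announcements(peer_asn, announced, prefix_list=None):
    """Return (accepted, rejected) prefixes for one peer.

    Assumption: filtering is exact-match against the registered list,
    so more-specifics and default routes are rejected.
    """
    if prefix_list is None:
        if is_private_asn(peer_asn):
            # Private-ASN peers must hand over a prefix list first.
            return [], list(announced)
        # Public ASN without a list: passed through unfiltered. These are
        # the routes a downstream network cannot verify.
        return list(announced), []
    allowed = {ipaddress.ip_network(p) for p in prefix_list}
    accepted, rejected = [], []
    for prefix in announced:
        net = ipaddress.ip_network(prefix)
        (accepted if net in allowed else rejected).append(prefix)
    return accepted, rejected


def origin_as_seen_by_peers(peer_asn):
    """Private-ASN routes are re-originated from the route server's AS."""
    return ROUTE_SERVER_ASN if is_private_asn(peer_asn) else peer_asn


if __name__ == "__main__":
    # Constructed peers: 65001 is private; 64500 is a documentation ASN
    # standing in for a public one. Prefixes are documentation ranges.
    peers = [
        (65001, ["192.0.2.0/24", "192.0.2.128/25", "0.0.0.0/0"], ["192.0.2.0/24"]),
        (65002, ["203.0.113.0/24"], None),
        (64500, ["198.51.100.0/24", "0.0.0.0/0"], None),
    ]
    for asn, announced, plist in peers:
        ok, bad = filter_announcements(asn, announced, plist)
        print(asn, "origin", origin_as_seen_by_peers(asn), "accept", ok, "reject", bad)
```

The third constructed peer shows the gap discussed in the thread: with no registered list, a public-ASN peer's default route is accepted along with everything else.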