I would fully support a peering database, as the size grows it will become even more important. It is relatively easy to make mistakes and advertise things incorrectly for those of us who work on this gear for a living, let alone small connections that are set up by people of unknown experience levels.

I would be fully prepared to put some resource (what type?) towards this. This is too important a thing to take lightly. I would much rather spend some time and/or money towards getting this right than run the risk of random routeing problems.

-----Original Message-----
From: owner-nznog(a)list.waikato.ac.nz [mailto:owner-nznog(a)list.waikato.ac.nz]On Behalf Of Simon Blake
Sent: Wednesday, 10 November 1999 10:31
To: nznog(a)list.waikato.ac.nz
Cc: richard(a)citylink.co.nz
Subject: Re: Wee query about clear :) (fwd)

Hi all

(bringing a conversation between Jamie Clark and yours truly out into the light)

On Tue, 9 Nov 1999, Jamie Clark wrote:
Simon,
On Tue, 9 Nov 1999, Simon Blake wrote:
Any change in your policy of not publishing a route policy? :)
"policy" is a bit strong :-). It has always been my intent to publish a
No offence intended.
and absolutely none taken.
route policy, but time is pressing, and Clear are the only ISP on Citylink that consistently ask for same. Every time I sit down to learn what's involved and get a policy loaded, something else crops up that appears more urgent. :-( I'm happy to try and bump it up the priority list, if it will encourage more ISPs to peer.
WIX has obviously worked well without filters so far.
It comes and goes. Generally, it works fine, and that's probably a reflection on the stability of the NZ net, or at least, the bit that peers in Wellington. In general, it's changes (additions of new peers) that can cause temporary hiccups (Actrix advertising 4000 prefixes yesterday being a good example).
It is certainly tempting to forgo the safety measures and peer anyway - however I suspect that some day it will become necessary to have the WIX route policy in some form of database. (?) maybe, perhaps.
Absolutely, especially as WIX rises in importance as a major peering point in NZ, rather than as a "backup" peering point, which has been its role until now.
IMHO it is a potential security risk if you cannot control which routes you choose to learn from your neighbours. It would be possible for a WIX customer with evil intentions to advertise a longer prefix into our network and steal our customer's traffic (or any other WIX ISP's traffic for that matter). Hmmm (evil ideas spring to mind)
It may seem a bit odd, but this has been one of my pet *aims* for WIX! Contrary to popular belief, Citylink doesn't have infinite network capacity :-). Therefore, providing a mechanism where customers of ISPs can transit data directly to other customers of ISPs, without having that data split horizon through one or two ISP routers is increasingly desirable. That's why we have a setup where a little Citylink customer with a /28 from their ISP and no ASN can still peer with the route server and exchange data directly with other Citylink users.
It would not be sufficient for us to deny these advertisements either - as they may very well be legitimate (multihoming).
Having said that (that I think allowing small Citylink customers to advertise long prefix routes directly is desirable), I'm all for restricting what the route server will accept from each client. My policy at the moment tends to vary, depending on the customer. If the peer is an ISP (ie, if they have their own ASN), then I assume they know what they're doing, and I don't filter incoming or outgoing updates, unless requested by the peer. If the peer has no ASN, then I assume that they're less clueful, and also that they're likely to have a small number of routes that change infrequently. Because those non-ASN peers are much more likely to foul things up, I filter the updates I receive from them to only the routes they've told me they'll send.
Admittedly a policy database with automatic updates will not necessarily prevent this - but at least there would be an audit trail pointing to the offender.
And that has to be a good thing.
With the current operational changes to RADB it looks like we will set up our own database and have this mirrored by RADB. This won't happen until next year though. The goal would be to automatically generate router BGP configs from this database.
If you're interested (and provided you don't do it first ;) I'm sure we would be keen to pass on anything that might be useful.
When I last looked at the RADb a few months ago, I mused that having route arbiters on WIX and/or APE might not be a bad thing, and would be a useful service for Citylink to provide in its capacity as "neutral peering provider to the stars" :-). Seeing that Merit are planning to charge US$200 per year leads me to believe that it's an idea whose time may have come.

Comments?

Cheers
Si

---------
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
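
An added illustration, not part of the thread and not Citylink's or Clear's configuration: the route-server import policy described above (non-ASN peers filtered to the routes they declared, ASN peers unfiltered) combined with an audit trail for announcements that fall inside another peer's registered space and may be legitimate multihoming. Peer names, ASNs, prefixes and the registry layout are constructed for the example.

```python
import ipaddress

# Constructed registry: what each route-server client has said it will send.
# Names are hypothetical; ASNs are from RFC 5398, prefixes from RFC 5737.
REGISTRY = {
    "isp-a":   {"asn": 64496, "prefixes": ["198.51.100.0/24"]},
    "isp-b":   {"asn": 64497, "prefixes": ["203.0.113.0/24"]},
    "small-c": {"asn": None,  "prefixes": ["192.0.2.16/28"]},
}

def declared(peer):
    return {ipaddress.ip_network(p) for p in REGISTRY[peer]["prefixes"]}

def covering_owner(peer, net):
    """Return (owner, prefix) if net lies inside another peer's registered prefix."""
    for other in REGISTRY:
        if other == peer:
            continue
        for reg in declared(other):
            if net.subnet_of(reg):
                return other, reg
    return None

def evaluate(peer, prefix):
    """Decide what the route server does with one announcement from `peer`."""
    net = ipaddress.ip_network(prefix)
    if net in declared(peer):
        return "accept", "declared by peer"
    if REGISTRY[peer]["asn"] is None:
        # Non-ASN peers are filtered to exactly the routes they said they would send.
        return "reject", "not in declared list for non-ASN peer"
    hit = covering_owner(peer, net)
    if hit:
        # Possibly legitimate multihoming, so it is not dropped, but it is recorded.
        return "accept-audit", f"covered by {hit[1]} registered to {hit[0]}"
    return "accept", "ASN peer, unfiltered"

def process(announcements):
    """Return (accepted routes, audit trail) for a list of (peer, prefix) pairs."""
    accepted, audit = [], []
    for peer, prefix in announcements:
        decision, reason = evaluate(peer, prefix)
        if decision != "reject":
            accepted.append((peer, prefix))
        if decision != "accept":
            audit.append((peer, prefix, decision, reason))
    return accepted, audit
```
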