provider independent IP allocations
A client of ours has a provider independent assignment in the 203.0.0.0 to 203.63.255.255 range.
I know that this was originally an allocated block to AUNIC in Australia, but with the switch back to APNIC the client now wants to know if they can use them here in New Zealand?
I haven't managed to work out what is routable here in New Zealand and what isn't, anyone able to provide further information?
(Yes I know that just because it is provider independent doesn't mean that upstream providers will route it)
Thanks,
Drew
- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On 22 Nov 2001, Drew Whittle wrote:
A client of ours has a provider independent assignment in the 203.0.0.0 to 203.63.255.255 range.
I know that this was originally an allocated block to AUNIC in Australia, but with the switch back to APNIC the client now wants to know if they can use them here in New Zealand?
I haven't managed to work out what is routable here in New Zealand and what isn't, anyone able to provide further information?
(Yes I know that just because it is provider independent doesn't mean that upstream providers will route it)
Why not ask APNIC for their view on this? That's what they're there for.
andy
On Thu, 2001-11-22 at 11:22, Andy Linton wrote:
On 22 Nov 2001, Drew Whittle wrote:
A client of ours has a provider independent assignment in the 203.0.0.0 to 203.63.255.255 range.
I know that this was originally an allocated block to AUNIC in Australia, but with the switch back to APNIC the client now wants to know if they can use them here in New Zealand?
Why not ask APNIC for their view on this? That's what they're there for.
That is my next on the list of places to ask, I figured that nznog members might be able to answer the question quicker and with more general information.
Drew
On Thu, Nov 22, 2001 at 10:44:05AM +1300, Drew Whittle wrote:
A client of ours has a provider independent assignment in the 203.0.0.0 to 203.63.255.255 range.
I know that this was originally an allocated block to AUNIC in Australia, but with the switch back to APNIC the client now wants to know if they can use them here in New Zealand?
I haven't managed to work out what is routable here in New Zealand and what isn't, anyone able to provide further information?
I have yet to find any provider anywhere who will refuse to advertise prefixes because the RIR that allocated them does not appear to be local. They should/will check that the prefixes in question seem to be legitimately registered to the entity that wishes to receive their traffic, though.
(Yes I know that just because it is provider independent doesn't mean that upstream providers will route it)
There are a few operators who filter on RIR allocation boundaries (Verio is one). However, I would be surprised if 203.0.0.0/10 was treated as anything other than a swamp of /24s, given its history.
I would expect that there would be few problems advertising the kind of prefix you are talking about so long as it doesn't have a mask longer than 24 bits. The person to ask about this is your prospective transit provider in NZ, and also any other operator who currently advertises a supernet route which covers the prefix you want to advertise.
APNIC have nothing to say about routability of prefixes, in general, just allocation of numbers.
Joe
On Wed, 21 Nov 2001, Joe Abley wrote:
There are a few operators who filter on RIR allocation boundaries (Verio is one). However, I would be surprised if 203.0.0.0/10 was treated as anything other than a swamp of /24s, given its history.
But at the most recent IETF in London in August there was a very clear call from the IAB to major providers to start filtering on allocation boundaries. As one of the people heavily involved in the 203.0.0.0/10 swamp I can quite clearly recall that this block was allocated exclusively to Australia but I suspect Joe is right about the historical mess.
I would expect that there would be few problems advertising the kind of prefix you are talking about so long as it doesn't have a mask longer than 24 bits. The person to ask about this is your prospective transit provider in NZ, and also any other operator who currently advertises a supernet route which covers the prefix you want to advertise.
I'd want to ask the question why do you (or the customer) want to do this. There may be no problem advertising the /24 today but there may be in the future. Why not use address space from your provider? We all have a responsibility to try to do the 'right thing' with address space. Just because you can do something, doesn't mean you should.
APNIC have nothing to say about routability of prefixes, in general, just allocation of numbers.
Well not quite - see Policies for address space management in the Asia Pacific region (http://www.apnic.net/docs/policy/add-manage-policy.html) in particular:
6.1. Routability not guaranteed
APNIC recognises that the routability of address space can never be guaranteed. Specifically, in order to reduce the number of globally advertised routes, transit providers worldwide implement route filtering policies based on prefix length, with the result that non-provider-based assignments are least likely to be routable across the Internet. Therefore, APNIC policy should encourage those seeking address space to request it from upstream providers rather than from APNIC directly.
On Thu, Nov 22, 2001 at 07:01:00PM +1300, Andy Linton wrote:
On Wed, 21 Nov 2001, Joe Abley wrote:
There are a few operators who filter on RIR allocation boundaries (Verio is one). However, I would be surprised if 203.0.0.0/10 was treated as anything other than a swamp of /24s, given its history.
But at the most recent IETF in London in August there was a very clear call from the IAB to major providers to start filtering on allocation boundaries.
Which affects real-world operators how, exactly? :)
I would expect that there would be few problems advertising the kind of prefix you are talking about so long as it doesn't have a mask longer than 24 bits. The person to ask about this is your prospective transit provider in NZ, and also any other operator who currently advertises a supernet route which covers the prefix you want to advertise.
I'd want to ask the question why do you (or the customer) want to do this. There may be no problem advertising the /24 today but there may be in the future. Why not use address space from your provider? We all have a responsibility to try to do the 'right thing' with address space. Just because you can do something, doesn't mean you should.
There *are* some legitimate reasons. They could be multi-homing, for example, and trying to avoid the mess of long-prefix prefixes being advertised alongside covering supernets; they could be hosting a prominent nameserver, for which renumbering presents arguably as big a stability threat to the network as the addition of a single prefix in the default-free zone. On the other hand, I have yet to meet a transit provider who would choose idealist conservation of BGP state over customer dollars :)
APNIC have nothing to say about routability of prefixes, in general, just allocation of numbers.
Well not quite - see Policies for address space management in the Asia Pacific region (http://www.apnic.net/docs/policy/add-manage-policy.html) in particular:
6.1. Routability not guaranteed
APNIC recognises that the routability of address space can never be guaranteed. Specifically, in order to reduce the number of globally advertised routes, transit providers worldwide implement route filtering policies based on prefix length, with the result that non-provider-based assignments are least likely to be routable across the Internet. Therefore, APNIC policy should encourage those seeking address space to request it from upstream providers rather than from APNIC directly.
The disclaimer makes lots of sense; APNIC wouldn't want to be sued by an irritated new member who found out that provider Y's policies on the other side of the planet prevented their newly-delegated address block being as reachable as they would like.
Still, today it is nobody's business but individual ISPs to dictate what filtering policy should be put in place, and the largest ISPs on the planet do not filter according to RIR allocation boundaries.
Joe
On Thu, 22 Nov 2001, Joe Abley wrote:
On Thu, Nov 22, 2001 at 07:01:00PM +1300, Andy Linton wrote:
But at the most recent IETF in London in August there was a very clear call from the IAB to major providers to start filtering on allocation boundaries.
Which affects real-world operators how, exactly? :)
It may not. But on the other hand, you indicated that Verio do filtering, what if others decide it's in their interests as well? I'm only trying to say that there are risks and that people should try to understand the whole picture without just saying "Oh good I've got some address space I can use". And I think that's why Drew asked the question which is a lot more than many do.
There *are* some legitimate reasons. They could be multi-homing, for example, and trying to avoid the mess of long-prefix prefixes being advertised alongside covering supernets; they could be hosting a prominent nameserver, for which renumbering presents arguably as big a stability threat to the network as the addition of a single prefix in the default-free zone.
I agree but I'd have to ask if someone is hosting a prominent nameserver that's about to cross the Tasman then they've probably got other stability issues! But see my comments above.
On the other hand, I have yet to meet a transit provider who would choose idealist conservation of BGP state over customer dollars :)
So all the more reason for those on the edge to "do the right thing!" (:-)
Still, today it is nobody's business but individual ISPs to dictate what filtering policy should be put in place, and the largest ISPs on the planet do not filter according to RIR allocation boundaries.
In pragmatic terms you're right. I'd just encourage people to think about what they should ask those sluttish upstream ISPs to do. (:-)
Andy Linton wrote:
I'd want to ask the question why do you (or the customer) want to do this. There may be no problem advertising the /24 today but there may be in the future. Why not use address space from your provider? We all have a responsibility to try to do the 'right thing' with address space. Just because you can do something, doesn't mean you should.
What's the problem here?
Aggregating address space was important back when memory was expensive, router manufacturers believed that 16 MB was more than anyone could ever use, and the CPUs were mainly 68000s and derivatives.
There are only 14 million or so possible /24 blocks. Even if every possible /24 was advertised (and they aren't), the routing table and all its related hangers on should fit inside a gig or so.
I can buy a PC with enough horsepower and memory to run the routing for the worst cases we're likely to see on the Internet for around NZ$3000.
Really, this "gotta have a small prefix" thing is silly. It prevents outfits that have small address space needs from peering with multiple providers without massively wasting address space.
Sure, if you're singly connected, you don't need provider independent address space. But applying thinking based on 1980s routing technology to address space management is just dumb.
-- don
On Thu, Nov 22, 2001 at 07:46:33PM +1300, Don Stokes wrote:
Aggregating address space was important back when memory was expensive, router manufacturers believed that 16 MB was more than anyone could ever use, and the CPUs were mainly 68000s and derivatives.
Many routers still are like this...
There are only 14 million or so possible /24 blocks. Even if every possible /24 was advertised (and they aren't), the routing table and all its related hangers on should fit inside a gig or so.
What's that got to do with the real world?
I can buy a PC with enough horsepower and memory to run the routing for the worst cases we're likely to see on the Internet for around NZ$3000.
Irrelevant, and besides, no you can't.
Really, this "gotta have a small prefix" thing is silly. It prevents outfits that have small address space needs from peering with multiple providers without massively wasting address space.
What do you mean here? That a /24 is too large for many people or that filtering on assignment boundaries is bad?
Sure, if you're singly connected, you don't need provider independent address space. But applying thinking based on 1980s routing technology to address space management is just dumb.
Technology is only part of the problem, this is also the issue of sane management and keeping networks usable. Perhaps we should forgo routers and just use switches in a flat address space?
--cw
On Fri, 23 Nov 2001, Chris Wedgwood wrote:
On Thu, Nov 22, 2001 at 07:46:33PM +1300, Don Stokes wrote:
There are only 14 million or so possible /24 blocks. Even if every possible /24 was advertised (and they aren't), the routing table and all its related hangers on should fit inside a gig or so.
What's that got to do with the real world?
You can fit the largest possible routing table in a PC with $500 worth of RAM.
I can buy a PC with enough horsepower and memory to run the routing for the worst cases we're likely to see on the Internet for around NZ$3000.
Irrelevant, and besides, no you can't.
You can't? I know at least a few ISPs are running PCs with Zebra for their routing. I've seen ATM, Hssi and similar cards that appear to be supported. Where do things break down?
Really, this "gotta have a small prefix" thing is silly. It prevents outfits that have small address space needs from peering with multiple providers without massively wasting address space.
What do you mean here? That a /24 is too large for many people or that filtering on assignment boundaries is bad?
I think he means it's too large. Links these days are almost cheap enough (even in NZ) that very small companies may want to multihome. A Web hosting company could easily only need a /26 worth of IPs.
Perhaps we should forgo routers and just use switches in a flat address space?
I've seen that seriously suggested.
--
Simon Lyall. | Newsmaster | Work: simon.lyall(a)ihug.co.nz
Senior Network/System Admin | Postmaster | Home: simon(a)darkmere.gen.nz
ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz
I think he means it's too large. Links these days are almost cheap enough (even in NZ) that very small companies may want to multihome. A Web hosting company could easily only need a /26 worth of IPs.
If you were talking brochure ware with no need for encryption or authentication - yes. In the land of e-commerce, web based applications need to use SSL. That stuff needs a unique IP address associated with the certificate common name.
Peter Mott
Chief Enthusiast
2DAY INTERNET LIMITED
It's kind of fun to do the impossible - Walt Disney
-/-
Peter Mott wrote:
[...] In the land of e-commerce, web based applications need to use SSL. That stuff needs a unique IP address associated with the certificate common name.
All depends on how you terminate your SSL traffic... one of the major SSL acceleration appliance vendor's primary features is that it will terminate SSL at layer 2 without even having an IP address. Yes, it's the same vendor that had a security alert which only applied *if* you were silly enough to assign an IP address to any of the interfaces.
The entire discussion brings back recent memories of "the internet can't scale" arguments in certain forms, supposed APNIC allocation policy restrictions for web hosting facilities and that silly sold.com.au auction for an entire class C (supposedly portable, but has yet to come on line over a year later) that only fetched an AU$800 winning bid (which would have been a one-time fee a little over $AU3 per IP if the winning bidder was/is ever able to dislodge it from Telstra's routing tables... LOL).
...needless to say, old/new ideas/opinions about how things should be done abound and occasional silliness has been known to exist in-between (and at) the extremes... I seem to recall reading something about consensus and running code in a RFC somewhere.
On Thu, 2001-11-22 at 19:01, Andy Linton wrote:
I'd want to ask the question why do you (or the customer) want to do this. There may be no problem advertising the /24 today but there may be in the future. Why not use address space from your provider? We all have a responsibility to try to do the 'right thing' with address space. Just because you can do something, doesn't mean you should.
For me it is easier if they don't have them, but the decision is not mine. I have explained why they shouldn't to our non technical manager type guy, but to him it's a matter of $ and customer happiness. :D
Sprint used to have a nice page describing what ranges were filtered and dampened to what level, and when I was involved, most other providers who filtered took their lead from them, as Sprint was pretty vicious. I notice they now say you will need to contact noc(a)sprint.net to find out. You may want to check with them.
I think you need to make it clear to the customer that the risk of using such blocks is either network unavailability from various networks, or more-likely that they will be disproportionately dampened should there be network instability, resulting in extended outage periods.
It is my personal impression that APNIC haven't got too much value to add in this discussion, they would probably like the addresses back, but don't really have any authority over what is and isn't do-able in the real world.
Arron Scott
-----Original Message-----
From: owner-nznog(a)list.waikato.ac.nz [mailto:owner-nznog(a)list.waikato.ac.nz] On Behalf Of Drew Whittle
Sent: Thursday, 22 November 2001 9:09 PM
To: NZNOG
Subject: Re: provider independent IP allocations
On Thu, 2001-11-22 at 19:01, Andy Linton wrote:
I'd want to ask the question why do you (or the customer) want to do this. There may be no problem advertising the /24 today but there may be in the future. Why not use address space from your provider? We all have a responsibility to try to do the 'right thing' with address space. Just because you can do something, doesn't mean you should.
For me it is easier if they don't have them, but the decision is not mine. I have explained why they shouldn't to our non technical manager type guy, but to him it's a matter of $ and customer happiness. :D
On Fri, 23 Nov 2001, Arron Scott wrote:
It is my personal impression that APNIC haven't got too much value to add in this discussion, they would probably like the addresses back, but don't really have any authority over what is and isn't do-able in the real world.
Except that you might want to consider what happens when you need to go back to them for more address space and you need to explain how well you've managed what you've already been allocated.
You might also want to think about their http://ftp.apnic.net/apnic/docs/no-questions-policy.txt
2.0 The "No Questions Asked" Return Policy
While it should be stressed that for the Internet to scale, all organizations should obtain address space from their service provider, pragmatically speaking addresses which were allocated historically ("legacy prefixes") have advantages for those who make use of them. Specifically, because legacy prefixes are historically allocated, they are unlikely to be subject to prefix length filters, thereby providing long prefix provider independence.
In many cases, an organization will have multiple legacy prefixes all of which require independent routing entries. In order to help reduce the strain resulting from the continued growth of the default free routing tables in routers on the Internet, APNIC will exchange existing provider independent prefixes for a single provider independent prefix of equal length or one bit shorter (to round up should the amount of space not work out to a CIDR boundary)
--
There are conditions but in some cases it's worth a look.
The other thing you should think about is that when one of your customers walks off to another ISP with one of *your* provider blocks then you've got no moral ground to stand on to complain about that behaviour. If you do advertise this you're punching holes in some other provider's supernet - try it from the other side and see how you like it.
On Fri, Nov 23, 2001 at 09:52:35AM +1300, Andy Linton wrote:
The other thing you should think about is that when one of your customers walks off to another ISP with one of *your* provider blocks then you've got no moral ground to stand on to complain about that behaviour. If you do advertise this you're punching holes in some other provider's supernet - try it from the other side and see how you like it.
That is all good advice in general, but in this specific case there may be no covering supernet -- I think Telstra stopped advertising 203.0.0.0/10 earlier this year (I don't see it now, anyway). If the block was originally directly delegated from AUNIC, it's probably just swamp space.
Incidentally, wrt Verio-style filtering on RIR allocation boundaries, it's interesting to note that although Verio filter their peers in that manner, the same does not follow for their customers, so in this respect they're being liberal in what they send, and conservative in what they accept (so, robust wrt Verio's internal network and non-robust wrt the rest of the world).
Joe
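Added example, not part of any message in this thread: a Python model of the two filtering styles discussed above (a plain prefix-length filter, and a filter on RIR allocation boundaries that is applied to peers but not to customers, as described for Verio), plus a check for whether an announcement punches a hole in a covering supernet. The policy table, the 10.0.0.0/8 entry, the function names and the sample routes are constructed for illustration and are not any operator's real filter.

```python
import ipaddress

# Constructed policy: address block -> longest mask accepted inside it.
# 203.0.0.0/10 at /24 mirrors the thread's "swamp of /24s" expectation;
# 10.0.0.0/8 at /20 is a made-up stand-in for a block with a stricter boundary.
BOUNDARY_POLICY = {
    ipaddress.ip_network("203.0.0.0/10"): 24,
    ipaddress.ip_network("10.0.0.0/8"): 20,
}
DEFAULT_MAX_LEN = 24  # plain prefix-length filter used when no block matches

# Constructed routing-table sample (not real BGP data).
SAMPLE_TABLE = ["203.0.0.0/10", "203.10.5.0/24", "198.51.100.0/24"]


def max_len_for(prefix):
    """Longest mask the boundary policy accepts for this prefix."""
    matches = [(blk, limit) for blk, limit in BOUNDARY_POLICY.items()
               if prefix.subnet_of(blk)]
    if not matches:
        return DEFAULT_MAX_LEN
    # If several blocks contain the prefix, the most specific block decides.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def evaluate(announcement, from_customer=False):
    """Return (accepted, reason) for one announced IPv4 prefix.

    from_customer=True skips the allocation-boundary table and applies only
    the plain length filter, modelling the peer/customer asymmetry.
    """
    # strict=True rejects announcements with host bits set (e.g. 203.10.5.1/24).
    prefix = ipaddress.ip_network(announcement, strict=True)
    limit = DEFAULT_MAX_LEN if from_customer else max_len_for(prefix)
    if prefix.prefixlen > limit:
        return False, f"/{prefix.prefixlen} is longer than /{limit}"
    return True, f"/{prefix.prefixlen} is within /{limit}"


def covering_routes(announcement, table):
    """Routes in `table` that are strict supernets of the announcement.

    A non-empty result means the announcement punches a hole in someone
    else's aggregate; an empty one means there is no covering supernet.
    """
    prefix = ipaddress.ip_network(announcement, strict=True)
    covering = []
    for route in table:
        net = ipaddress.ip_network(route, strict=True)
        if net != prefix and prefix.subnet_of(net):
            covering.append(route)
    return covering


if __name__ == "__main__":
    for ann in ("203.10.5.0/24", "203.10.5.0/26", "10.1.16.0/22"):
        print(ann, "peer:", evaluate(ann), "customer:", evaluate(ann, True))
    print("covering:", covering_routes("203.10.5.0/24", SAMPLE_TABLE))
```
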
participants (9): Andy Linton, Arron Scott, cfb, Chris Wedgwood, Don Stokes, Drew Whittle, Joe Abley, Peter Mott, Simon Lyall