Hi.
Craig, all of the recent (post 1996) RFCs and IETF drafts that I have seen make it clear that address portability is inconsistent with having a routable Internet. The regional registries all have policies to reduce route table fragmentation by migrating organisations to provider addressing.
I'm suggesting we attempt to address historical address portability where it was rightfully assumed and that we do not attempt to force migration. Also clarification of the "ownership" of the NZGATE addresses would seem to be in order as there seems to be some dispute and confusion there.
I think Joe pretty much assumed that ISPs were aware of the potential problems with portability. If any of the major upstream providers of the New Zealand providers begin to filter small advertisements (say, smaller than /20) then a lot of NZ organisations with "portable" addresses could potentially be cut off from the rest of the world.
This is pretty unlikely. It would cut off major and important sections of the Internet, including most root name servers. Sprint unilaterally began filtering longer prefix routes several years ago but not those in ranges in use prior to widespread discussion of provider blocks (i.e. they have never filtered out NZGATE prefixes shorter than or equal to /24). Also, routing table growth has slowed because of the introduction of CIDR, the use of provider based addressing, and (proxy) aggregation. Routing table growth for the past three years (~1.7x) has been much slower than router CPU and memory growth and this trend is likely to continue. With it becoming increasingly easier to handle all routes, such action is now unlikely for technical reasons. The dampening used by some providers does tend to cause /24's to incur longer blocking than a /20 would as a result of flapping. But beyond this it's hard to see any potential problems with the portability of the NZGATE addresses (and many are in blocks larger than a /24 anyway).
You can be sure that many of these small routes are not carried globally and only have connectivity because the origin of the supernet routes gets the traffic close enough to a provider that doesn't filter.
For NZGATE addresses, I do not believe this is factual.
In addition to my general moaning, the draft specifically penalises many older ISPs (by making the addresses of their servers non-portable), does not address multi-homed use, and does not provide exceptions where portability is reasonable.
How about policies based more roughly around these ideas:
Those who obtained addresses directly from Waikato with the legitimate understanding they were portable should be treated as portable (/23 or shorter automatically qualifies).
Addresses obtained from an ISP are not portable and should not be advertised by another ISP (except by agreement).
No provider is allowed to advertise supernets that overlap another provider's advertisements (except by agreement).
-Craig
---------
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads:
unsubscribe nznog
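The three policy ideas in the message above, written as a check over a table of advertisements. This is an added example, not part of the original message: the provider names, the delegation table and the prefixes are constructed, and the "review" status for directly obtained blocks longer than /23 is an assumption about how the non-automatic cases would be handled.

```python
import ipaddress

def classify(source, prefix):
    """Portability status of one delegation under the first two ideas."""
    if source != "registry":          # obtained from an ISP: not portable
        return "provider"
    # /23 or shorter obtained directly qualifies automatically; longer
    # prefixes need a case-by-case decision (assumed status "review").
    net = ipaddress.ip_network(prefix)
    return "portable" if net.prefixlen <= 23 else "review"

def check(delegations, adverts, agreements=frozenset()):
    """Return sorted (rule, advertiser, prefix) violations."""
    nets = [(who, ipaddress.ip_network(p)) for who, p in adverts]

    def agreed(who, net):
        return (who, str(net)) in agreements

    # ISP-delegated space advertised by a different ISP without agreement
    bad = {(who, net) for who, net in nets
           for prefix, source in delegations.items()
           if classify(source, prefix) == "provider" and source != who
           and net.subnet_of(ipaddress.ip_network(prefix))
           and not agreed(who, net)}
    # A supernet that covers another provider's (legitimate) advertisement
    overlap = {(who, net) for who, net in nets for other, sub in nets
               if other != who and sub != net and sub.subnet_of(net)
               and (other, sub) not in bad and not agreed(who, net)}
    return sorted([("non-portable", w, str(n)) for w, n in bad] +
                  [("overlap", w, str(n)) for w, n in overlap])

# Constructed sample data: prefix -> who delegated it
DELEGATIONS = {
    "10.1.0.0/23": "registry",   # direct, /23: portable
    "10.1.8.0/24": "registry",   # direct, longer than /23: review
    "10.2.4.0/24": "isp-x",      # delegated by isp-x: provider space
}
ADVERTS = [
    ("isp-x", "10.2.0.0/16"),    # isp-x aggregate
    ("isp-y", "10.2.4.0/24"),    # isp-x customer block announced by isp-y
    ("isp-y", "10.1.0.0/23"),    # portable block, now behind isp-y
    ("isp-z", "10.1.0.0/16"),    # supernet covering isp-y's /23
]

if __name__ == "__main__":
    for violation in check(DELEGATIONS, ADVERTS):
        print(violation)
```
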
Hi Craig,
On Mon, Oct 12, 1998 at 09:30:23AM +1300, Craig Anderson wrote:
Craig, all of the recent (post 1996) RFCs and IETF drafts that I have seen make it clear that address portability is inconsistent with having a routable Internet. The regional registries all have policies to reduce route table fragmentation by migrating organisations to provider addressing.
I'm suggesting we attempt to address historical address portability where it was rightfully assumed and that we do not attempt to force migration.
One of the core drivers of my draft was that no network operator (end-user or otherwise) would be obliged to renumber during the normal course of their business activities. Migration would be thrown into the exercise when the network operator next needed to obtain additional address space, or moved provider. Just because network addresses could be considered portable a few years ago doesn't make it so forever - the network is changing, and best current practices change with it.
Also clarification of the "ownership" of the NZGATE addresses would seem to be in order as there seems to be some dispute and confusion there.
That is the main driver for the draft. If subnets delegated from NZGATE blocks are considered portable, then there is no "operational ownership" of the NZGATE supernets worth arguing about -- in this model, the delegated subnets "belong" to the network using them. However, this doesn't scale, and hence the "ownership" rests with the provider. In the case where the provider no longer exists, confusion reigns :)
For NZGATE addresses, I do not believe this is factual.
In addition to my general moaning, the draft specifically penalises many older ISPs (by making the addresses of their servers non-portable), does not address multi-homed use, and does not provide exceptions where portability is reasonable.
This is true. However, these problems are not unique to NZ - they are problems that affect the network as a whole. Provider-based addressing _is_ inconvenient. However, as you mentioned, the move towards provider-based addressing and CIDR aggregation has prolonged the life of the current IPv4 numbered network significantly.
How about policies based more roughly around these ideas:
Those who obtained addresses directly from Waikato with the legitimate understanding they were portable should be treated as portable (/23 or shorter automatically qualifies).
If you can justify a 19-bit (or shorter) prefix block, you can get one direct from APNIC... Perhaps we can circumvent the inconvenience of renumbering for the older ISPs by having APNIC endorse /19s already operated by these ISPs as delegated directly to them?
Addresses obtained from an ISP are not portable and should not be advertised by another ISP (except by agreement).
No provider is allowed to advertise supernets that overlap another provider's advertisements (except by agreement).
These two make lots of sense. I think it is important to take a united front
on these issues and make them widely known amongst users, forever dispersing
the idea of portable address space for small networks.
--
Joe Abley
On Mon, Oct 12, 1998 at 02:48:48PM +1300, Joe Abley wrote:
If you can justify a 19-bit (or shorter) prefix block, you can get one direct from APNIC... Perhaps we can circumvent the inconvenience of renumbering for the older ISPs by having APNIC endorse /19s already operated by these ISPs as delegated directly to them?
For a minimum charge of $8192 (USD?) (unless you're a member).
Whilst it's not the national debt, it's still a little too high to sneak past someone under the category `morning tea and biscuits' money.
-cw
On Mon, Oct 12, 1998 at 06:04:58PM +1300, Chris Wedgwood wrote:
On Mon, Oct 12, 1998 at 02:48:48PM +1300, Joe Abley wrote:
If you can justify a 19-bit (or shorter) prefix block, you can get one direct from APNIC... Perhaps we can circumvent the inconvenience of renumbering for the older ISPs by having APNIC endorse /19s already operated by these ISPs as delegated directly to them?
For a minimum charge of $8192 (USD?) (unless you're a member).
True. The lowest tier of membership is $4000 US - and if you're not a member, the IP addresses come at the bargain price of $1 US each, minimum order 8192. I don't think anybody actually pays for IP addresses without being a member. Nobody sane, anyway ;) I was wondering whether, in the interests of the clean up and longer-term freeing-up of the end-user networks out of the NZGATE blocks, APNIC might legitimise the delegations without charge. Stranger things have been known.
Whilst it's not the national debt, it's still a little too high to sneak past someone under the category `morning tea and biscuits' money.
:)
--
Joe Abley
On Mon, Oct 12, 1998 at 06:16:06PM +1300, Joe Abley wrote:
True. The lowest tier of membership is $4000 US - and if you're not a member, the IP addresses come at the bargain price of $1 US each, minimum order 8192. I don't think anybody actually pays for IP addresses without being a member. Nobody sane, anyway ;)
Oh, no doubt about it - becoming a member is cheaper. Also, if you look at the fine print, the $8192 charge is a MINIMUM charge, even if they don't give you /19, they might decide you only need /21 in which case it's tough luck. You also have to pay $0.10/address maintenance fee each year, which isn't all that bad, but if you had /18 or bigger, membership is then cheaper.
I was wondering whether, in the interests of the clean up and longer-term freeing-up of the end-user networks out of the NZGATE blocks, APNIC might legitimise the delegations without charge. Stranger things have been known.
Pretty tricky, since to do it right, APNIC would need to find a /16 or larger block of address space, have everybody renumber over to it, then revoke what's presently in use, something I would argue is probably worth doing, but many people simply won't agree with that.
The present address space is too ad hoc and messy, I noticed tweaking ACLs on a router a few months back, we have a /24 hole that's been there for about two years or more, which initially moved to telecom then telstra. In the same token, we have /24s in use which have done more or less the same thing (I think I've only got one left now, there were several).
Ideally, I'll dump the /24s in use, and routes surrounding the `holes' for the sake of simplicity.
Some people don't have the luxury of being able to do this, however, one Auckland provider I know of, has at last count, about 8 or 9 /24 addresses going down their wire - all allocated in a more or less ad hoc fashion because they came with clients who either moved from other providers or applied (and got) the addresses themselves.
So the issue is more sticky than this... if we allow people to take the networks for them for some period of time, that's the smallest network we should allow here? We have plenty of customers on /26 or smaller networks, which I would argue should renumber because it's not a big job, but some might disagree...
Even a renumber of /24 is not too much to ask for (I think), but certainly a renumber of /20 probably isn't going to happen overnight.
So - where does one draw the line?
Whilst it's not the national debt, it's still a little too high to sneak past someone under the category `morning tea and biscuits' money.
:)
Actually... I'm told Proctor and Gamble can and have done just this, so maybe it does work.
-cw
Some people don't have the luxury of being able to do this, however, one Auckland provider I know of, has at last count, about 8 or 9 /24 addresses going down their wire - all allocated in a more or less ad hoc fashion because they came with clients who either moved from other providers or applied (and got) the addresses themselves.
Yeah - I noticed the same thing when I was putting together BGP route filters for Citylink. It's just a mess out there.
So the issue is more sticky than this... if we allow people to take the networks for them for some period of time, that's the smallest network we should allow here? We have plenty of customers on /26 or smaller networks, which I would argue should renumber because it's not a big job, but some might disagree...
Even a renumber of /24 is not too much to ask for (I think), but certainly a renumber of /20 probably isn't going to happen overnight.
So - where does one draw the line?
I like the idea of ``If you want more numbers then you have to give them all back and renumber.'' That way they are going to be forced to renumber at some stage (due to network expansion), or look at using NAT (also a good thing as far as address saving goes).
I'm also forming an opinion that nothing smaller than a /24 should be able to be changed between providers. Anything smaller is easy to renumber. The reason that I'm thinking /24 and not a smaller prefix is that some organisations have multiple non-contiguous /24's allocated out of the NZGATE range rather than a contiguous smaller-prefix group.
Dean
--
-----------------------------------------------------------------------
Dean Pemberton                               Ph: +61-3-9656-7000
Regional Technical Specialist Asia-Pacific   Fx: +61-3-9656-7003
Ascend Communications, Inc                   Mb: +61-419-117-321
Lvl 38, ANZ Tower, 55 Collins St Melbourne, AUS
mailto:dpemberton(a)ascend.com.au
-----------------------------------------------------------------------
On Mon, Oct 12, 1998 at 04:21:54PM +1000, Dean Pemberton wrote:
Yeah - I noticed the same thing when I was putting together BGP route filters for Citylink. It's just a mess out there.
How do you create and manage this filter list?
I'm looking at writing something to automate that here for various reasons, I know there are the radb tools, but they are really quite nasty and horrible.
I'm more looking at doing some kind of RA in a box - just add water.
I like the idea of ``If you want more numbers then you have to give them all back and renumber.'' That way they are going to be forced to renumber at some stage (due to network expansion), or look at using NAT (also a good thing as far as address saving goes).
NAT has its merits, but hasn't been much of an option until recently as most commercial vendors ignored it. (Even though Linux and *BSD have had it since Noah was a boy).
NAT doesn't work in all cases though, most NAT implementations don't do protocol translation so things like IRC, non-PASV ftp, real audio, etc. break.
It is getting better though... the latest cisco IOS images have NAT (and PAT?) for even the low end routers such as the 1001 and 1003 models, which pretty much brings them in line with the 160x. (Alas, you need more flash and ram than these units come with by default, considerably more, so it's not really a cheap solution).
I'm also forming an opinion that nothing smaller than a /24 should be able to be changed between providers. Anything smaller is easy to renumber. The reason that I'm thinking /24 and not a smaller prefix is that some organisations have multiple non-contiguous /24's allocated out of the NZGATE range rather than a contiguous smaller-prefix group.
I would agree... in fact, I would support even larger minimum network sizes than this.
-Chris
On Mon, Oct 12, 1998 at 04:21:54PM +1000, Dean Pemberton wrote:
Yeah - I noticed the same thing when I was putting together BGP route filters for Citylink. It's just a mess out there.
How do you create and manage this filter list?
I'm looking at writing something to automate that here for various reasons, I know there are the radb tools, but they are really quite nasty and horrible.
I'm more looking at doing some kind of RA in a box - just add water.
Easy - you set the filters up and then accept a job in another country =) But seriously. Most of the people that I peered with are in the Merit RADB. I used the RAToolkit to do the generation and management. I agree that the tools are pretty crap and I ended up hacking most of them apart so that they worked in my environment. If you were to rewrite some tools they would be in great demand. More so in light of the recent thread about a public WIX RADB server.
I like the idea of ``If you want more numbers then you have to give them all back and renumber.'' That way they are going to be forced to renumber at some stage (due to network expansion), or look at using NAT (also a good thing as far as address saving goes).
NAT has its merits, but hasn't been much of an option until recently as most commercial vendors ignored it. (Even though Linux and *BSD have had it since Noah was a boy).
NAT doesn't work in all cases though, most NAT implementations don't do protocol translation so things like IRC, non-PASV ftp, real audio, etc. break.
It is getting better though... the latest cisco IOS images have NAT (and PAT?) for even the low end routers such as the 1001 and 1003 models, which pretty much brings them in line with the 160x. (Alas, you need more flash and ram than these units come with by default, considerably more, so it's not really a cheap solution).
Buy Ascend gear then *cough* - oops, did I say that out loud? =)
Seriously. I was only using NAT as an example - I'm well aware of how hard it is to implement in a large network. That's why I think we should not be pushing people into that sort of stuff unnecessarily.
Dean
--
-----------------------------------------------------------------------
Dean Pemberton                               Ph: +61-3-9656-7000
Regional Technical Specialist Asia-Pacific   Fx: +61-3-9656-7003
Ascend Communications, Inc                   Mb: +61-419-117-321
Lvl 38, ANZ Tower, 55 Collins St Melbourne, AUS
mailto:dpemberton(a)ascend.com.au
-----------------------------------------------------------------------