I have a question which I'm hoping the NZNOG community can help me with.

Within NZ, what is the maximum number of hops from APE to any consumer's interface device? (smarty-phone, ADSL modem, whatever)? Or more pragmatically, let's say the 99th percentile, as in, fewer than 1% of customers are more than X hops away from APE.

If this information is already available, I'd appreciate a pointer, otherwise...

If you are an ISP could you give me an indicative number of hops from APE to your customers' CPE. If you can include a prefix length reflecting the number of affected customers that would help too. (Ideally the maximum across all your customers, but if you have a few oddball customers with longer paths, just the 99% will do.)

If you're an ISP customer and would like to tell me your hop-count to APE (counting from your CPE, not from your computer) and your ISP's name, that would also be appreciated.

Replies off-list and I will summarize back to the list.

Here's the background:

I'm investigating ways of limiting traffic so that it does not leave New Zealand, that can be configured on an application-by-application basis.

Obviously if one has an upstream to "global" and a separate upstream to APE or WIX, then it's simple to filter traffic at those egresses.

However for the average end-user, it's difficult to get multiple VLANs to their provider, let alone multiple physical links.

In an ideal world, one would simply set some QoS bits and your upstream would understand them and do the filtering based on *their* egress, but in practice I haven't heard of any suppliers offering such a service.

So I'm looking at DIY options ...

In particular, I'm looking at setting the TTL on outgoing packets. We know how many hops it is from "our" hosts to APE, and I guesstimate no more than 2 hops from a consumer's border device (modem, whatever) to their client devices;

So far it looks like setting the TTL so that it's down to 5 at APE will mean most of NZ is reachable, and most of the rest of the world isn't, assuming the international provider is as many hops from me as APE.

But I'd really like to get a firmer idea of "how much of NZ will be unreachable given an egress hop limit of X?"

(The idea is to find X where the list of exception prefixes is small enough to manage manually, while still blocking the majority of foreign traffic.)

What I'd like to find out from the NZNOG community is the distribution of customers at various hop-counts from APE.

-Martin
On Mon, 16 Dec 2013 18:15:02 +1300 (NZDT), Martin Kealey wrote:
> If you're an ISP customer and would like to tell me your hop-count to APE (counting from your CPE, not from your computer) and your ISP's name, that would also be appreciated.

One ought to be careful doing this, as operators are likely running MPLS networks nowadays which may not expose the internal hopcount accurately if at all :)

--
Michael
On Mon, 16 Dec 2013, Michael Fincham wrote:
> One ought to be careful doing this, as operators are likely running MPLS networks nowadays which may not expose the internal hopcount accurately if at all :)

True, but in this case I really only care about the visible hops anyway; invisible hops do not affect the calculations for setting the outgoing TTL.

Also, thanks to Jon Brewer for pointing me at the Internet Census; their "traceroute" file is part of the answer, but unfortunately it is not exactly comprehensive; e.g. 192.203.154.0/24 only appears 48 times in the whole file.

So sample data is still welcome.

-Martin
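The calculation the thread is asking for, as an added example that is not part of the original messages and is not Martin's code: given hop counts from APE per prefix, find the smallest hop budget X that still reaches a target share of addresses, list the exception prefixes, and set the resulting TTL on one application's socket. The sample prefixes and hop counts are constructed, and the function names and the `hops <= budget` reachability convention are assumptions to be calibrated against a real traceroute.

```python
import ipaddress
import socket

# Constructed sample data (not measurements):
# (prefix, visible hops from APE to the customer's CPE).
SAMPLES = [
    ("198.51.100.0/24", 3),
    ("203.0.113.0/24", 4),
    ("192.0.2.0/25", 5),
    ("192.0.2.128/25", 7),
    ("198.18.0.0/22", 4),
    ("198.19.0.0/28", 9),
]

def coverage(samples, budget):
    """Return (fraction of addresses reachable, exception prefixes).

    Prefix size stands in for customer count, as the post suggests.
    Assumption: a destination is reachable when its visible hop count
    from APE is <= budget (the TTL left on arrival at APE).
    """
    total = reached = 0
    exceptions = []
    for prefix, hops in samples:
        size = ipaddress.ip_network(prefix).num_addresses
        total += size
        if hops <= budget:
            reached += size
        else:
            exceptions.append(prefix)
    return reached / total, exceptions

def smallest_budget(samples, target=0.99):
    """Smallest hop budget X reaching at least `target` of the addresses."""
    for budget in sorted({hops for _, hops in samples}):
        if coverage(samples, budget)[0] >= target:
            return budget
    return None  # only if samples is empty: the largest hop count covers all

def limited_socket(hops_to_ape, budget):
    """TCP socket for one application with TTL = hops_to_ape + budget."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, hops_to_ape + budget)
    return s
```

Only visible hops count here, which matches the point made above about MPLS: hops that do not decrement the TTL do not change the budget.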
All the data required for such an exercise should be available here:
https://archive.org/details/internetcensus_gzip_1
You want the last file in the list, traceroute.gz.
Thanks to the anonymous author of the Carna Botnet, to Parth Shukla
(AusCERT), and to Jason Scott (TEXTFILES) at the Internet Archive for
bringing this all together.
Cheers,
Jon
On Mon, Dec 16, 2013 at 6:15 PM, Martin Kealey wrote:
> I have a question which I'm hoping the NZNOG community can help me with.
>
> Within NZ, what is the maximum number of hops from APE to any consumer's interface device? (smarty-phone, ADSL modem, whatever)? Or more pragmatically, let's say the 99th percentile, as in, fewer than 1% of customers are more than X hops away from APE.
>
> If this information is already available, I'd appreciate a pointer, otherwise...
>
> If you are an ISP could you give me an indicative number of hops from APE to your customers' CPE. If you can include a prefix length reflecting the number of affected customers that would help too. (Ideally the maximum across all your customers, but if you have a few oddball customers with longer paths, just the 99% will do.)
>
> If you're an ISP customer and would like to tell me your hop-count to APE (counting from your CPE, not from your computer) and your ISP's name, that would also be appreciated.
>
> Replies off-list and I will summarize back to the list.
>
> Here's the background:
>
> I'm investigating ways of limiting traffic so that it does not leave New Zealand, that can be configured on an application-by-application basis.
>
> Obviously if one has an upstream to "global" and a separate upstream to APE or WIX, then it's simple to filter traffic at those egresses.
>
> However for the average end-user, it's difficult to get multiple VLANs to their provider, let alone multiple physical links.
>
> In an ideal world, one would simply set some QoS bits and your upstream would understand them and do the filtering based on *their* egress, but in practice I haven't heard of any suppliers offering such a service.
>
> So I'm looking at DIY options ...
>
> In particular, I'm looking at setting the TTL on outgoing packets. We know how many hops it is from "our" hosts to APE, and I guesstimate no more than 2 hops from a consumer's border device (modem, whatever) to their client devices;
>
> So far it looks like setting the TTL so that it's down to 5 at APE will mean most of NZ is reachable, and most of the rest of the world isn't, assuming the international provider is as many hops from me as APE.
>
> But I'd really like to get a firmer idea of "how much of NZ will be unreachable given an egress hop limit of X?"
>
> (The idea is to find X where the list of exception prefixes is small enough to manage manually, while still blocking the majority of foreign traffic.)
>
> What I'd like to find out from the NZNOG community is the distribution of customers at various hop-counts from APE.
>
> -Martin
> _______________________________________________
> NZNOG mailing list
> NZNOG(a)list.waikato.ac.nz
> http://list.waikato.ac.nz/mailman/listinfo/nznog