From what I understand, the ISP does not accept any prefix from WIX that is larger than a /24. Given our traffic is being sent directly to their WIX router (layer-2 headers confirm this), I believe their ingress filtering is dropping
From what I can tell, there are 30 prefixes advertised on WIX that are >/24, and
I've run up against a frustrating problem and some advice would be appreciated. We have a /29 via AT&T here in Wellington. We advertise this /29 to the WIX route servers. Via WIX, we receive a prefix from a national ISP[1]. Any attempts to send traffic to this ISP fall silently into the bit-bucket. this traffic since the return-path doesn't match. If I filter the ISP's prefix, the transit is handled by AT&T and everything works just fine. Effectively, the only way I can talk to them is to go "the long way". Now, I have no major problem with any AS saying "our policy states we only accept prefixes smaller than /24". What frustrates me is that the ISP is seemingly saying : ISP> Hello Wellington! If you have any packets for this prefix, send them to me! US > Excellent! Here, have some traffic for one of your hosts. ISP> What? Who are you? I think I'll drop this. [ ... ] ISP> Send me your traffic Wellington! these amount to ~672 hosts. If I'm correct (and I'll admit I'm making an educated guess here), then all of those hosts are unable to talk to this ISP. So, my options are: 1. Stop playing with pissant /29's on WIX. 2. Get the ISP to change their ways. 3. Filter the ISP's prefixes that I receive from WIX. I think the most likely option is #3. However how am I to know what other networks do the same thing? Shall I troll every single WIX network to check I can talk to them, then build a filter-list based on that? Ugly. Sam. ----- [1] Since I have disagreed with the ISP in question, and they haven't been forthcoming in getting it resolved, I've elected not to name them. - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Fri, Nov 01, 2002 at 12:40:05PM +1300, Sam Sargeant wrote:
From what I understand, the ISP does not accept any prefix from WIX that is larger than a /24. Given our traffic is being sent directly to their WIX router (layer-2 headers confirm this), I believe their ingress filtering is dropping this traffic since the return-path doesn't match.
If the ISP is applying strict unicast RPF checks to an interface on an exchange point, not being able to receive packets from you is probably the least of their problems. Perhaps in a couple of weeks' time the ISPs customers will have got fed up of not being able to reach half of NZ, and will have found service elsewhere. Once that happens, your problem is solved :) Joe - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Fri, Nov 01, 2002 at 12:40:05PM +1300, Sam Sargeant wrote:
From what I understand, the ISP does not accept any prefix from WIX that is larger than a /24. Given our traffic is being sent directly to their WIX router (layer-2 headers confirm this), I believe their ingress filtering is dropping this traffic since the return-path doesn't match.
path verification at exchange points and some other places is bogus, if they are doing this, they need to fix their router --cw - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
From what I understand, the ISP does not accept any prefix from WIX that is larger than a /24. Given our traffic is being sent directly to their WIX router (layer-2 headers confirm this), I believe their ingress filtering is dropping this traffic since the return-path doesn't match.
path verification at exchange points and some other places is bogus, if they are doing this, they need to fix their router
He's talking about us. There is no path verification in place (duh!). Sam, youre more than welcome to email me directly so that I can explain to you yet again why you are wrong. -- Cheers. James Tyson --- Samizdat New Media Solutions - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Fri, Nov 01, 2002 at 07:09:08PM +1300, James Tyson wrote:
Sam, youre more than welcome to email me directly so that I can explain to you yet again why you are wrong.
Then Sam, you are welcome to email the rest of us the result. I'm interested in how this turns out. Dean - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
What is the /29 range?
You haven't posted enough info to allow anyone else to look at the problem...
Quoting Sam Sargeant
I've run up against a frustrating problem and some advice would be appreciated.
We have a /29 via AT&T here in Wellington. We advertise this /29 to the WIX route servers.
Via WIX, we receive a prefix from a national ISP[1]. Any attempts to send traffic to this ISP fall silently into the bit-bucket.
From what I understand, the ISP does not accept any prefix from WIX that is larger than a /24. Given our traffic is being sent directly to their WIX router (layer-2 headers confirm this), I believe their ingress filtering is dropping this traffic since the return-path doesn't match.
If I filter the ISP's prefix, the transit is handled by AT&T and everything works just fine. Effectively, the only way I can talk to them is to go "the long way".
Now, I have no major problem with any AS saying "our policy states we only accept prefixes smaller than /24". What frustrates me is that the ISP is seemingly saying :
ISP> Hello Wellington! If you have any packets for this prefix, send them to me!
US > Excellent! Here, have some traffic for one of your hosts.
ISP> What? Who are you? I think I'll drop this.
[ ... ]
ISP> Send me your traffic Wellington!
From what I can tell, there are 30 prefixes advertised on WIX that are >/24, and these amount to ~672 hosts. If I'm correct (and I'll admit I'm making an educated guess here), then all of those hosts are unable to talk to this ISP.
So, my options are:
1. Stop playing with pissant /29's on WIX. 2. Get the ISP to change their ways. 3. Filter the ISP's prefixes that I receive from WIX.
I think the most likely option is #3. However how am I to know what other networks do the same thing? Shall I troll every single WIX network to check I can talk to them, then build a filter-list based on that? Ugly.
Sam.
----- [1] Since I have disagreed with the ISP in question, and they haven't been forthcoming in getting it resolved, I've elected not to name them.
- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (6)
-
Chris Wedgwood -
Dean Pemberton -
Gordon Smith -
James Tyson -
Joe Abley -
Sam Sargeant