I think that with local peering on the increase throughout New Zealand a
RADB or similar would be extremely useful.
At NZIX for instance we should all be running BGP, with filters to prevent
unauthorised advertisements arriving from someone else's router. While a RADB
would only be as good as the information it held and how well you could
trust someone to enter data into it, it would still be better than what we
have at the moment (almost nothing).
I think almost everybody has had to change a metric at Waikato because
someone has accidentally advertised the wrong network. I know I did it when
we multi-homed a netlink customer several years ago. And I know it has
happened to me several times. I actually remember a 4am 6 way conversation
with Sandy, yourself, KC and Iprolink trying to work out an OSPF routing error
that turned out to be a Cisco bug, which was only preventable by adding an
access-list.
We don't have to invest in a server or nominate someone to maintain one, we
could all use the Merit RADB today.
The issue arises (as you have mentioned) when we register "our" IP
Addresses against our AS. Most ISPs still have legacy IP space which
"belongs" to the larger /16, /15 etc that netway currently advertise, this
usually comes from companies which don't want to change.
I would like to have the addresses which these organisations have been
allocated by Apnic (nznic at the time), routed with our AS number. And as
such stored in a database with my AS so that other local bodies that I peer
with may use this information to build reliable filter-lists.
This would be advantageous to a company like ICONZ, whereby if a major
international outage occurred (heaven forbid :), with our supplier then we
would be able to come to some arrangement with another ISP that we peer with
to use their international capacity albeit at a decreased performance level,
this could be achieved simply by changing some routing filters, assuming
that all the appropriate entries were in the RADB(s).
Education is required to ensure that people don't think that they own a
certain IP address range indefinitely. As the internet requires the
addresses to be aggregated, organisations need to know this, and understand
why. I think that this has been shown by the recent campaign to bring the
190.xx (or whatever it was) range back into some real size perspective.
-Rowan
-----Original Message-----
From: Arron Scott
Hi all,
I would be interested to know what scenarios people have for using such a database. NetGate currently has a fairly complex routing table, and yet our boundary routing inside New Zealand still remains fairly simple.
I am also slightly concerned that having these entries in a database would infer some "right of ownership" for certain address space, which would do the concept of hierarchical routing a severe disservice. From my experience, any time someone enters a new entry in the RADB, even if it is a "black hole" from someone else's CIDR block they feel it gives them a right to use that given address space indefinitely. We may also have to consider asking for the right to administer sub-delegations of our APNIC registered addresses ourselves.
I am not against a router server, I am however keen to ensure it offers tangible benefits to the users, and improves things for the Internet society at large.
Arron Scott Telecom NZ
At 05:03 PM 2/06/98 +1200, John Houlker wrote:
I understand a number of ISPs in NZ would be interested in using a route policy database to allow communication of this information and, in particular, to enable automated maintenance of filters to control route policies. Recently we have had a Computer Science student run an informal survey of some ISPs on this issue and again there was an interested response from most; he has also been revisiting the situation in respect to running a database using the "Route Arbiter" code. I didn't get to the NZNOG meeting (perhaps this was discussed there), but could "NZNOG" consider this question and perhaps encourage the application of such coordinated controls on route information?
In principle I believe the IRR could be used for such a purpose, and it may be good practise to load AS/route object information in there in any case (it is especially important for multi-homed networks), but maybe there should be a NZ based service for NZ information.
Thoughts?
John
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
_________________________________________________________________________
Arron Scott                                 Phone: ++64-9-3569687
Service Specialist                          Fax:   ++64-9-3794790
Service Implementation & Management Group   Cell:  ++64-25-883163
Telecom NZ Ltd                              eMail: arrons(a)netgate.net.nz
At 18:00 +0000 2/6/98, Arron Scott wrote:
> I would be interested to know what scenarios people have for using such a database. NetGate currently has a fairly complex routing table, and yet our boundary routing inside New Zealand still remains fairly simple.
Relatively simple perhaps, but as Rowan recalls we have had unpleasant enough problems all the same, and, for example, on several occasions we have been asked to "fix the routing errors on the NZIX" (and we have to explain that currently there is no simple knob to turn for such a fix). I also worry that we have been lucky so far, the potential for melt down exists (e.g., the AS 7007 disaster).
> I am also slightly concerned that having these entries in a database would infer some "right of ownership" for certain address space, which would do the concept of hierarchical routing a severe disservice. From my experience, any time someone enters a new entry in the RADB, even if it is a "black hole" from someone else's CIDR block they feel it gives them a right to use that given address space indefinitely.
I agree there is a dangerous disconnection between the provider based address allocation administered by the registries and the controls operated within the IRR (not to mention the exposure from the number of backbone ISPs that don't even use the IRR). I gather this issue has been raised on a number of occasions but the failure to reach an agreed solution I suspect represents the true state of loose ends and grief in full implementation of provider based addressing (everywhere, not just in NZ).
At 20:05 +1200 2/6/98, Rowan Smith wrote: ...
> The issue arises (as you have mentioned) when we register "our" IP Addresses against our AS. Most ISPs still have legacy IP space which "belongs" to the larger /16, /15 etc that netway currently advertise, this usually comes from companies which don't want to change.
These are hard problems but perhaps an open and frank discussion of the (I believe major) benefits of route information coordination, could help set the scene for resolution of address "ownership" angst. Surely it would represent a serious failure of inter-provider coordination to have to live with network fragility just to avoid clear expression of what routing operators believe they should have.
> I would like to have the addresses which these organisations have been allocated by Apnic (nznic at the time), routed with our AS number. And as such stored in a database with my AS so that other local bodies that I peer with may use this information to build reliable filter-lists.
> This would be advantageous to a company like ICONZ, whereby if a major international outage occurred (heaven forbid :), with our supplier then we would be able to come to some arrangement with another ISP that we peer with to use their international capacity albeit at a decreased performance level, this could be achieved simply by changing some routing filters, assuming that all the appropriate entries were in the RADB(s).
Indeed if ISPs currently build ad hoc filters to implement their view of the routing world in NZ, this would likely fail to handle major (and relatively rapid) changes in topology.
> Education is required to ensure that people don't think that they own a certain IP address range indefinitely. As the internet requires the addresses to be aggregated, organisations need to know this, and understand why. I think that this has been shown by the recent campaign to bring the 190.xx (or whatever it was) range back into some real size perspective.
There are enough cases already where "education" doesn't appear to have shifted strongly held views about address ownership, and New Zealand is no different here to other countries - pointing out the global initiatives should help but the difficulties are all too real. Again I would argue that implementation of route registry based controls would help illuminate the issues (and "Sunlight is the best disinfectant").
John
OK ... Continuing the line of devil's advocate, both Rowan and John have some pretty good points, however I think some service providers I know of still see the current IRR as a particularly annoying technology for the delaying of route propagation on the network, rather than a means for ensuring reliability and stability in the network. Therefore any solution the IXs would employ would have to have some clear guidelines and procedures.
So to continue, given that the issue of provider based addressing is covered off, and some agreement of the use of maintainer IDs is made to ensure people do not prevent their customers from moving from provider to provider, how would people envision the RR being deployed:
- I assume the major IX points would tell their customers they must add their networks to whichever RR they decided to use. Otherwise no guarantee could be provided for the acceptance of their routes.
- I also assume the IX points would not be able to enforce whether a customer listens to the RR or not, allowing each customer to choose which routes they learnt.
- Who would determine if each IX would enforce use of the RR, I particularly mean the WIX and AIX here, as the University Of Waikato does have some influence over the rules employed at NZIX. ie. What if Joe-MegaISP decided putting their routes in the RR was "disadvantageous" to their business or their customers (say for privacy reasons), he might complain that using the RR was anti-competitive. Would there be a legal case for this ?
- Given that we use the Merit RADB, who would handle disputes in entries in that database, if we used our own who would set policy there and resolve disputes ?
Again ... I don't want to sound completely negative, just prompting thought. I think with a little more discussion, and after a few more views from the others on this list we could consider a round-table, but let's check the broad interest first.
Arron Scott Telecom NZ
_________________________________________________________________________
Arron Scott                                 Phone: ++64-9-3569687
Service Specialist                          Fax:   ++64-9-3794790
Service Implementation & Management Group   Cell:  ++64-25-883163
Telecom NZ Ltd                              eMail: arrons(a)netgate.net.nz
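The use of a route registry that this thread discusses, building per-peer filter lists from registered route objects, shown as an added example that is not part of any message in the thread. The route objects, AS numbers, maintainer names and function names are constructed for illustration, and the check assumes each peer originates its own routes (no as-set expansion for customers).

```python
import ipaddress

# Constructed RPSL route objects (documentation prefixes, reserved ASNs).
SAMPLE_IRR = """\
route:   203.0.113.0/24
descr:   aggregate held by the upstream provider
origin:  AS64496
mnt-by:  MAINT-EXAMPLE-A

route:   203.0.113.128/25
descr:   legacy customer block routed by a second ISP
origin:  AS64497
mnt-by:  MAINT-EXAMPLE-B

route:   198.51.100.0/24
origin:  AS64497
mnt-by:  MAINT-EXAMPLE-B
"""

def parse_route_objects(text):
    """Return {origin_as: set(ip_network)} from blank-line separated objects."""
    table = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.strip())
        if "route" in attrs and "origin" in attrs:
            # strict=True rejects registry entries with host bits set
            net = ipaddress.ip_network(attrs["route"], strict=True)
            table.setdefault(attrs["origin"].upper(), set()).add(net)
    return table

def build_filter(table, peer_as):
    """Sorted prefix list a peer may announce (exact matches only)."""
    return sorted(table.get(peer_as.upper(), set()))

def check_announcement(table, peer_as, prefix):
    """Accept a prefix only if it is registered with the announcing peer as origin."""
    net = ipaddress.ip_network(prefix, strict=False)
    return net in table.get(peer_as.upper(), set())

if __name__ == "__main__":
    irr = parse_route_objects(SAMPLE_IRR)
    for peer in ("AS64496", "AS64497"):
        print(peer, [str(n) for n in build_filter(irr, peer)])
    # A more-specific announced by the AS that holds only the aggregate is refused.
    print(check_announcement(irr, "AS64496", "203.0.113.128/25"))
```

The legacy /25 is accepted only from the AS that registered it, which is the case Rowan describes for customer space carved out of a larger block; an unregistered or wrongly originated prefix is refused regardless of who holds the covering aggregate.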
participants (3)
- Arron Scott
- John Houlker
- Rowan Smith