[107708] in North American Network Operators' Group
Re: an effect of ignoring BCP38
daemon@ATHENA.MIT.EDU (Kevin Oberman)
Thu Sep 11 16:41:37 2008
To: Pekka Savola <pekkas@netcore.fi>
In-Reply-To: Your message of "Thu, 11 Sep 2008 11:24:43 PDT."
<20080911182443.635024500F@ptavv.es.net>
Date: Thu, 11 Sep 2008 13:41:28 -0700
From: "Kevin Oberman" <oberman@es.net>
X-To: Pekka Savola <pekkas@netcore.fi>
Cc: bmanning@vacation.karoshi.com, nanog@merit.edu, k claffy <kc@caida.org>
Errors-To: nanog-bounces@nanog.org
> Date: Thu, 11 Sep 2008 11:24:43 -0700
> From: "Kevin Oberman" <oberman@es.net>
>
> > Date: Thu, 11 Sep 2008 20:59:39 +0300 (EEST)
> > From: Pekka Savola <pekkas@netcore.fi>
> >
> > On Thu, 11 Sep 2008, Jo Rhett wrote:
> > > On Sep 11, 2008, at 10:10 AM, Valdis.Kletnieks@vt.edu wrote:
> > >> By the time you walk our list of upstreams to any of the '5 biggest
> > >> anything', you've gotten to places where our multihomed status
> > >> means you can't filter our source address very easily (or more
> > >> properly, where you can't filter multihomed sources in general).
> > >
> > > I don't agree with this statement. I hear this a lot, and it's not really
> > > true. Being multihomed doesn't mean that your source addresses are likely to
> > > be random. (or would be valid if they were)
> > >
> > > A significant portion of our customers, and *all* of the biggest paying ones,
> > > are multihomed. And they might have a lot of different ranges, but we know
> > > what the ranges are and filter on those.
> >
> > If you can manage ACLs for these customers, that's fine. But maybe
> > your multihomed customers and '5 biggest anything' customers are
> > different. Maybe your multihomed customer has 5 prefixes. The big
> > ones could have 5000. That's a pretty big ACL to manage.
>
> It's big, but not un-workable. Just looking at our lists, the longest is
> over 212K entries and we have 5 over 5K and 20 over 1K. We would have
> even bigger ones if the IRR had more complete information.

Ack! Fat fingered it!

Certainly not 212K entries. That was supposed to be 12K. Not nearly so
impressive.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751