[150490] in North American Network Operators' Group
Re: do not filter your customers
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Fri Feb 24 22:54:02 2012
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: North American Network Operators' Group <nanog@nanog.org>
Date: Sat, 25 Feb 2012 03:52:56 +0000
In-Reply-To: <CAL9jLaZ45P-Cd0cFZAhufMEgAVa6XoQ3dUBOWk=-n3jTVBY1Rw@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 25, 2012, at 9:39 AM, Christopher Morrow wrote:
> it seems to me that most of the options discussed for this are .. bad, in=
one dimension or another :(
Concur.
> X prefixes/packets in Y seconds/milliseconds doesn't keep the peer from b=
lowing up your RIB,
How so? If the configured parameters are exceeded, stop accepting/insertin=
g updates until this is no longer the case. Exceptions would be made for p=
eering session establishment, it would take effect after that.
> it does slow down convergence :(
Yes, but is this always necessarily a Bad Thing? For example, this particu=
lar circumstance (and many like it, c.f. AS7007 incident, et. al.) it coul=
d be argued that in this particular case, [incorrect? undesirable? premat=
ure? pessimal?] convergence led to a poor result, could it not?
> If you have 200 peers on an edge device, dropping the whole device's rout=
ing capabilities because of one AS7007/AS1221/AS9121 .. isn't cool
> to your network nor the other customers on that device :(
Apologies for being unclear; I wasn't suggesting dropping or removing anyth=
ing, but rather refusing to further accept/insert updates from a given peer=
until the update rate from said peer slowed to within configured parameter=
s.
> max-prefix as it exists today at least caps the damage at one customer.
But it doesn't, really, does it? The effects cascade in an anisotropic man=
ner throughout a potentially large transit cone.
> The knobs available are sort of harsh all the way around though today :(
Concur again, sigh.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
