[171451] in North American Network Operators' Group
Re: We hit half-million: The Cidr Report
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Wed Apr 30 10:54:49 2014
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <5360F786.3090101@ceriz.fr>
Date: Wed, 30 Apr 2014 10:54:34 -0400
To: NANOG list <nanog@nanog.org>
On Apr 30, 2014, at 09:15 , Jérôme Nicolle <jerome@ceriz.fr> wrote:
> On 29/04/2014 04:39, Valdis.Kletnieks@vt.edu wrote:
> > Do we have a handle on what percent of the de-aggrs are legitimate
> > attempts at TE, and what percent are just whoopsies that should be
> > re-aggregated?
>
> Deaggs can "legitimately" occur for a different purpose: hijack
> prevention (Pilosov & Kapela style).
>
> It's fairly easy to punch a hole in a larger prefix, but winning the
> reachability race while unable to propagate a more specific prefix
> significantly increases hijacking costs.
Excellent point, Jérôme.
Let's make sure nothing is hijack-able. Quick, let's de-agg -everything-
to /24s. Everyone's routers can sustain > 10 million prefixes per full
table, right? Jérôme, how many prefixes can your routers handle?
Or we could stop thinking that abusing a shared resource for personal
gain is a great idea.
> For a less densely connected network (no presence on public IXPs, poor
> transits...), renumbering critical services (DNS, MX, extranets) to
> one of their /24s and de-aggregating it could be a smart move.
See my previous post. Of course deaggregation can have a use, but for a
network with no peering and one or a few transits, those more specifics
never have to hit the global table. Sending that /24 to your transit
provider(s) with no-export will have the _exact_same_effect_, and not
pollute anyone's routers whom you are not paying.
The idea "I have a 'reason' for hurting everyone else, so it is OK" has
got to stop. Just because you have a reason does not make it OK. And
even when it is a good idea, most people implement it so poorly as to
cause unneeded harm.
--
TTFN,
patrick