[4774] in North American Network Operators' Group
Re: Best way to deal with bad advertisements?
daemon@ATHENA.MIT.EDU (Alan Hannan)
Sat Sep 28 13:36:31 1996
From: Alan Hannan <alan@anka.mindvision.com>
To: mpetach@netflight.com (Matthew Petach)
Date: Sat, 28 Sep 1996 12:32:02 -0500 (CDT)
Cc: freedman@netaxs.com, mpetach@netflight.com, nanog@merit.edu
In-Reply-To: <199609281709.KAA02379@falcon.netflight.com> from "Matthew Petach" at Sep 28, 96 10:09:38 am
Hi Matt,
> > In this case, the very first thing you should probably do is to
> > start announcing the more specific /24s to match their advertisements!
> > Depending on AS-PATH length (how various nets hear your announcements
> > vs. theirs) this may solve the immediate problem, allowing you to hunt
> > them down and kill them at your leisure.
>
> The downside to this is that we go from advertising /16's
> out, to advertising a fleet of /24's out, most of which
> would be filtered by Sprint's ever-lovin' CIDR-forcing
> wall.
If your more specific networks are filtered, then wouldn't the
evil ISP's be filtered as well?
This would be a large problem only if you gain transit from Sprint....
> I agree with Sprint, and Sean, but in this case
> it pretty much makes it hard for us to force the issue
> by dropping to the same or smaller sized announcement.
Well, I'm not sure that the two entities can be put in the
same sentence any more, but you can always leave the less specific
/16 in there while you attempt to advertise the more specific.
> Good thought, though! Even if it does result in going
> from 2 /16 announcements to 512 /24 announcements in
> the process, growing the routing tables, and generally
> making everyone else unhappy as well.
I'd rather have happy workable customers and an unhappy
community in the short run, than unhappy unworkable customers and
a happy community.
I think your letter will raise the awareness of this kind of
problem. Of course we all know it's possible, but it's not a
problem that we've had to deal with on a malicious level.
? I do assume that there's no doubt the evil-isp is doing this
maliciously?
> *sigh* There really MUST be some nice way of handling
> lame ISP's like this.
One thing you could do is coordinate with largerish ISPs to filter
the incorrect network from the affected peering sessions. While
this is a stopgap fix, and not one to be repeated, I don't think
you'd have problems getting it done w/ MCI, UUnet, AGIS, etc...
> > 1) Announce *your own* routes more specifically.
> > This may lose you ANS connectivity, though.
>
> And Sprint, and anyone else that filters small specifics.
Again, not if you leave the /23 or /16s in place... Then you
just revert to the pre-action situation. It is again important to
note that if your announcement would be blocked by mask length
policies, then the evil-isp would be as well.
> > 2) Announce *their* routes more specifically.
Ouch, that's playing as dirty as them. Can't recommend it unless
it's life or death...
> I took that step last night, and was advised to remove it by
> those more in tune with legal issues. I guess it's not
> considered "nice" to sink to the same level as your
> attacker, and play dirty. :-}
Aiyeee.
> > 3) You can post to NANOG and other lists in an attempt to embarrass/
> > get someone who knows the jokers to poke them.
I recommend this, show traceroutes, RR entries, InterNIC assignments,
routing table dumps, and state the problem clearly. You can bet
the appropriate folks will poke them.
In summary, whatever they do to hit you, do for yourself in
self-defense. Don't advertise their networks, just advertise your
networks as specifically as needed. Continue to raise the ante by
involving more appropriate folks, and provide specific
documentation to those involved of what happened when. It sounds
like a war to me. Try to find middle ground with them, there must
be SOME reason they are after your cidr space. Perhaps you can
negotiate a fix?
I doubt it will be too long before a standard as-path list looks
like this:
....
ip as-path 10 deny EVIL-ISP1-AS
ip as-path 10 deny EVIL-ISP2-AS
ip as-path 10 deny EVIL-ISP3-AS
....
In this age of global routing, with no central body, politicking
and negotiation are your best tools for solution. There's no
overseeing body to go to. You can gain allies, but it's up to
you. Good luck, and count most folks here as allies.
$.02
-alan
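The thread above describes three things an operator can do about a foreign AS announcing more-specifics inside its aggregates: spot the offending routes in a table dump, filter the offending AS with an as-path list, and announce your own space at the same length (keeping the aggregate in place) while staying inside neighbours' prefix-length filters. The script below is an added example that is not part of Alan's reply or any NANOG tooling; it models those three steps over a constructed routing-table view. The ASNs (64500, 64666, ...), the 10.x/16 aggregates, the function names and the assumed neighbour maximum-prefix-length filter of /19 are all constructed for illustration.

```python
"""Added example (not from the NANOG thread): find foreign more-specifics of
our own aggregates, model an 'ip as-path' deny list, and plan matching
counter-announcements that respect a neighbour's prefix-length filter.
Every ASN, prefix and path below is constructed."""
import ipaddress

OUR_ASN = 64500                                   # constructed ASN for "us"
OUR_PREFIXES = ["10.10.0.0/16", "10.11.0.0/16"]   # constructed aggregates

# Constructed routing-table view: (prefix, AS path with the origin AS last)
ANNOUNCEMENTS = [
    ("10.10.0.0/16", [64500]),            # our own aggregate
    ("10.10.6.0/24", [64500]),            # our own more-specific: fine
    ("10.10.5.0/24", [64501, 64666]),     # foreign origin inside our /16
    ("10.11.0.0/17", [64666]),            # foreign origin, half of our /16
    ("10.11.0.0/16", [64502, 64500]),     # our aggregate heard via transit: fine
    ("172.16.0.0/12", [65000]),           # unrelated space
]


def find_foreign_more_specifics(announcements, our_prefixes, our_asn):
    """Return (prefix, origin_asn, path) for each announcement that lies
    strictly inside one of our aggregates but is not originated by us."""
    aggregates = [ipaddress.ip_network(p) for p in our_prefixes]
    hits = []
    for prefix, path in announcements:
        net = ipaddress.ip_network(prefix)
        origin = path[-1]
        if origin == our_asn:
            continue                       # our own deaggregation is not a hijack
        if any(net != agg and net.subnet_of(agg) for agg in aggregates):
            hits.append((prefix, origin, tuple(path)))
    return hits


def as_path_denied(path, deny_asns):
    """Model of an 'ip as-path access-list N deny _ASN_' entry: the path is
    dropped if a denied ASN appears anywhere in it."""
    return any(asn in deny_asns for asn in path)


def apply_as_path_filter(announcements, deny_asns):
    """Keep only the announcements the deny list lets through."""
    return [(p, path) for p, path in announcements
            if not as_path_denied(path, deny_asns)]


def plan_counter_announcement(foreign_prefix, max_accepted_len):
    """The thread's advice: announce our own route at the same length as the
    foreign more-specific while leaving the aggregate in place. Returns the
    prefix to add, or None when it is longer than the neighbour's
    maximum-prefix-length filter, in which case the foreign route is filtered
    there as well and no counter-announcement is needed."""
    net = ipaddress.ip_network(foreign_prefix)
    if net.prefixlen > max_accepted_len:
        return None
    return str(net)


def deaggregation_cost(our_prefixes, target_len):
    """How many routes full deaggregation to target_len would add (the
    '2 /16 -> 512 /24' growth the thread worries about)."""
    return sum(2 ** (target_len - ipaddress.ip_network(p).prefixlen)
               for p in our_prefixes)


def summarize(announcements=ANNOUNCEMENTS, our_prefixes=OUR_PREFIXES,
              our_asn=OUR_ASN, max_accepted_len=19):
    """Run the three steps and return the resulting plan as a dict."""
    hits = find_foreign_more_specifics(announcements, our_prefixes, our_asn)
    counter = {p: plan_counter_announcement(p, max_accepted_len) for p, _, _ in hits}
    deny_asns = sorted({origin for _, origin, _ in hits})
    remaining = apply_as_path_filter(announcements, set(deny_asns))
    return {"hijacks": hits, "counter": counter,
            "deny_asns": deny_asns, "remaining": remaining}


if __name__ == "__main__":
    for key, value in summarize().items():
        print(key, value)
```

The max_accepted_len parameter captures Alan's point that a neighbour filtering on mask length drops the foreign /24 as surely as it drops yours, so only more-specifics short enough to pass that filter need a matching announcement; deaggregation_cost makes the routing-table growth Matt objects to a number you can put beside the plan before choosing.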