[66427] in North American Network Operators' Group
RE: /24s run amuck
daemon@ATHENA.MIT.EDU (Michael Hallgren)
Tue Jan 13 06:34:28 2004
From: "Michael Hallgren" <m.hallgren@free.fr>
To: <nanog@merit.edu>
Date: Tue, 13 Jan 2004 12:33:50 +0100
In-Reply-To: <Pine.LNX.4.44.0401131106510.1268-100000@server2.tcw.telecomplete.net>
Errors-To: owner-nanog-outgoing@merit.edu
>
> Deaggregation is at an all time high, I have raised this
> publically in some forums and IXP ops lists. Response is
> poor, action is non-existent.
>
> The only way I can see to do anything about this is for
> upstreams to educate their customers and others to pressure
> their peers.
>
> Two primary reasons are given, one is for traffic engineering
> purposes to either control the ingress of traffic or to allow
> a network to function with critical links down and the other
> is to allow blocks to be dropped to mitigate the effects of a
> DDoS, I dont believe either justify the deaggregation of
> large aggregates into Nx/24s
Shared belief: some reasonably small subset potentially functionally
justified/relevant, majority unlikely so.
> and that a large driver is to
> make your network look larger than it is...
>
What audience??
mh
> Steve
>
> On Sat, 10 Jan 2004, Richard A Steenbergen wrote:
>
> > Ok, I realized I haven't done one of these since 2001, so it's time
> > for an updated list of /24 polluters. With /24s accounting for over
> > 50% (more than 71k) of the announcements on the Internet, it seems
> > reasonable to try and take a look at why there are so many.
> >
> > One of the patterns which quickly becomes evident is the
> announcing of
> > "almost all" of a larger block, but with enough gaps that
> traditional
> > scripts which look for CIDR aggregation can miss it. For example,
> > someone who owns a /16 and announces it as 250 /24s might
> not show up
> > in other CIDR aggregation scripts because of the missing 5
> /24s, or if
> > 1 of the /24s has a different AS Path.
> >
> > So, solely for the purpose of looking for this pattern, I
> have written
> > a script which counts the number of /24s announced within a /16 (an
> > admittedly arbitrary range, but one which happens to work) with a
> > consistant AS Path, and sorts by the highest count. This of course
> > doesn't mean for certain that the netblock listed doesn't
> have a good
> > reason for their deaggregation, but odds are they don't or could
> > otherwise take steps to limit announcement to the general internet
> > (for example a cable modem provider with 250 individual routes /24s
> > but only a single upstream provider, who could announce a
> /16 globally
> > and use no-export on the more specifics).
> >
> > This is done from the point of view of a Global Crossing (AS3549)
> > transit feed, so things may look slightly different fromy
> our corner
> > of the Internet. You have been warned.
> >
> > A summary of the top 250 netblocks by count:
> >
> > http://www.e-gerbil.net/ras/projects/ipaddr/24summary
> >
> > Detailed list of the netblocks and AS Path by count:
> >
> > http://www.e-gerbil.net/ras/projects/ipaddr/24dump
> >
> > A sorted list of the origin ASs contributing the /24s in
> the above lists:
> >
> > http://www.e-gerbil.net/ras/projects/ipaddr/24asn
> >
> > If you are on the list or know someone who is, please
> encourage them
> > to take steps to clean up their act. You may now return to your
> > regularly scheduled complaining about Verisign.
> >
> >
>
>
>
