[11486] in Commercialization & Privatization of the Internet
Re: The whole CIX concept is flawed (fwd)
daemon@ATHENA.MIT.EDU (Karl Denninger)
Mon Apr 4 08:43:53 1994
From: karl@mcs.com (Karl Denninger)
To: com-priv@psi.com
Date: Mon, 4 Apr 1994 03:22:43 -0500 (CDT)
Forwarded message:
>From karl Mon Apr 4 03:22:24 1994
Message-Id: <m0pnjvM-000BbnC@mercury.mcs.com>
>From: karl (Karl Denninger)
Subject: Re: The whole CIX concept is flawed
To: avg@sprint.net (Vadim Antonov)
Date: Mon, 4 Apr 1994 03:22:24 -0500 (CDT)
Cc: karl@mcs.com
In-Reply-To: <199404040638.CAA06788@titan.sprintlink.net> from "Vadim Antonov" at Apr 4, 94 02:38:31 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 4762
> >> The real problem with CIX is that their policy technically
> >> cannot be enforced. Since IP is based on destination-only routing
> >> decisions if i route to some networks thru CIX i have to route
> >> packets this way for *all* my customers.
>
> >This is simply not true. I can refuse a route for any particular IP number,
> >and poof -- no transit through me.
>
> Sorry, but it works only for *incoming* traffic. Now, let's assume
> that i have the following topology (known as "routing fish"):
>
>    UA    CIX
>      \  /   \
>       S      UC
>      /  \   /
>    UB    Z
>
> If UA is a member of CIX and path UA-S-CIX-UC is better than UA-S-Z-UC
> UA would reasonably expect routing thru CIX. Now, assume that UB
> *is not* a member of CIX and still wants to reach UC. Since box S
> does not differentiate between sources of packets it cannot route
> traffic to the same destination thru CIX for UA or thru Z for UB.
Yes, I understand the problem here.

Does not CIDR in some ways make this worse, in that it creates superclasses
of routes which all go the same way, policy be damned?

What you have here is a policy routing problem.

The real problem here is that there are two groups of issues -- sources and
destinations. The current routing protocols only deal with destinations
and ignore sources, yet the <crux> of the problem today is the sources
of packets, at least in the CIX discussion.

That's an anachronism really. We could just as easily play the CIX model
based on the <destination> of packets. That is, if "UC" is not a CIX
member, then it cannot <receive> packets routed through the CIX. UA and
UB then don't matter.

This fits with the current routing model as well.

It might, however, destroy the usefulness of the CIX model as it exists
today....
> Alternatively, using CIX connection means that i will have to *force*
> all customers to comply with the CIX policy (i.e. to pay $10k even
> if their average traffic thru CIX will be 1 packet a day). Since
> it makes no business sense at all if CIX will insist on up-to-the-letter
> compliance to their policy nation-wide NSPs will simply walk away and
> formation of policy-free D-GIX-like exchanges will be accelerated.
I have no problem with the formation of policy-free interconnect points,
as long as they are also settlement-free and available to all on a
non-discriminatory basis..... if they're not then you're creating a
leverage point for monopoly interests to form. That concerns me.
> Anyway, CIX is quickly becoming obsolete because it is based on
> non-scalable technology and won't accommodate multiple DS-3s.
> Given the story with upgrade to BGP-4 i somehow don't believe
> CIX is able to adapt to the new realities of multiparty commercial
> Internet.
Well, perhaps and perhaps not. It remains to be seen what kind of
engineering effort(s) come out of the board and the membership in this
area. I don't happen to think the problems are insurmountable -- just not
those that many router vendors happen to care about.
> >[filtering packets]
>
> I would say killing packets is highly antisocial because it creates
> black holes (of course, killing *incoming* packets to destinations
> *you* didn't advertise is ok).
Yep. This is the problem -- if someone kills packets because they want to
"block" ISP "A", then those packets won't be rerouted -- they will instead
disappear! This is the worst of all worlds -- your best route is through
ISP "B", who is blocking traffic from you, and while there IS another route
you won't use it because it's suboptimal -- and you don't know that ISP "B"
is doing the blocking in the routing layer.

Killing inbound packets to destinations you didn't advertise is not only
ok, it is probably smart. Unfortunately it is not easy to do with today's
router technology. Blargh on the router folks. There ought to be an easy
way to say "if I'm not advertising a route to this address, whack it at
the entry point to my cloud." What most routers will do today is find a
way to route the packet if they can, even if it means sending it back out
the interface it came in on. A concerted attack on an ISP could be mounted
by sending trash traffic at them in an attempt to overload their backlinks;
this is particularly effective if they are being charged by percentage of
use......
> >> As it stands CIX is a perfect example of politics ignoring technical
> >> laws.
>
> >See above.
>
> See above.
--
--
Karl Denninger (karl@MCS.Net)| MCSNet - Full Internet Connectivity (shell,
Modem: [+1 312 248-0900] | PPP, SLIP, leased) in Chicago and 'burbs.
Voice/FAX: [+1 312 248-8649] | Email "info@mcs.com". MCSNet is a CIX member.
Fan Friendly Internet Here | WWW: http://www.mcs.net, gopher: gopher.mcs.net
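
Added example, not part of the original message or of any router's actual code: a small Python model of box S in the "routing fish" topology, showing why a destination-only lookup gives UA and UB the same next hop toward UC, what a source-aware policy lookup would change, and the entry-point filter on unadvertised destinations discussed above. The prefixes, table names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (documentation prefixes), not from the message.
UA = ipaddress.ip_network("192.0.2.0/24")     # CIX member, customer of S
UB = ipaddress.ip_network("198.51.100.0/24")  # non-member, customer of S
UC = ipaddress.ip_network("203.0.113.0/24")   # reachable via CIX or via Z

def lpm(table, addr):
    """Longest-prefix match over {network: value}; None if nothing matches."""
    addr = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, val) for net, val in table.items() if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

# Destination-only FIB at S: one entry per destination, source never consulted.
FIB_S = {UC: "CIX"}

def forward_dest_only(src, dst):
    return lpm(FIB_S, dst)  # src is deliberately unused

# Hypothetical source-aware policy table at S: source prefix selects a FIB.
POLICY_S = {UA: {UC: "CIX"}, UB: {UC: "Z"}}

def forward_policy(src, dst):
    per_source = lpm(POLICY_S, src)
    return lpm(per_source, dst) if per_source else None

# Entry-point filter: accept inbound traffic only for prefixes S advertises.
ADVERTISED = [UA, UB]

def accept_inbound(dst):
    dst = ipaddress.ip_address(dst)
    return any(dst in net for net in ADVERTISED)

if __name__ == "__main__":
    for name, src in (("UA", "192.0.2.10"), ("UB", "198.51.100.10")):
        print(name, "dest-only ->", forward_dest_only(src, "203.0.113.5"),
              "| policy ->", forward_policy(src, "203.0.113.5"))
    for dst in ("192.0.2.77", "203.0.113.5"):
        print(dst, "accepted at entry" if accept_inbound(dst) else "dropped at entry")
```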