On Apr 30, 2014, at 09:15 , Jérôme Nicolle <jer...@ceriz.fr> wrote: > Le 29/04/2014 04:39, valdis.kletni...@vt.edu a écrit :
> > Do we have a handle on what percent of the de-aggrs are legitimate > > attempts at TE, and what percent are just whoopsies that should be > > re-aggregated? > > Deaggs can "legitimatelly" occur for a different purpose : hijack > prevention (Pilosov & Kapela style). > > It's fairly easy to punch a hole in a larger prefix, but winning the > reachability race while unable to propagate a more specific prefix > significantly increase hijacking costs. Excellent point, Jérôme. Let's make sure nothing is hijack-able. Quick, let's de-agg -everything- to /24s. Everyone's routers can sustain > 10 million prefixes per full table, right? Jérôme, how many prefixes can your routers handle? Or we could stop thinking that abusing a shared resource for personal gain is a great idea. > For a less densely connected network (no presence on public IXPs, poor > transits...), renumbering critical services (DNS, MX, extranets) to > one of their /24s and de-aggregating it could be a smart move. See my previous post. Of course deaggregation can have a use, but for a network is no peering an one or a few transits, those more specifices never have to hit the global table. Sending that /24 to your transit provider(s) with no-export will have the _exact_same_effect_, and not pollute anyone's routers whom you are not paying. The idea "I have a 'reason' for hurting everyone else, so it is OK" has got to stop. Just because you have a reason does not make it OK. And even when it is a good idea, most people implement it so poorly as to cause unneeded harm. -- TTFN, patrick
signature.asc
Description: Message signed with OpenPGP using GPGMail
