Re: BGP to doom us all
In article [EMAIL PROTECTED] The Great Sean wrote: : I'll be stupid, and ask some questions I've always wondered about. : Why should routes learned by eBGP have a higher priority than iBGP? Love to know myself. Took me a few years to figure out why the strange iBGP redistribution rules (because barring something like confeds or RRs, there's no loop detection method in iBGP w/o it...) : Why should BGP implementations flap all good routes when they see a single : bad route packet? Sorry if this isn't adding enough signal, but Amen! However, there's some disagreement historically about this. I am in the camp who thinks the danger is higher from being able to trigger massive #s of session drops cyclically, but some argue that it's worse to continue talking to someone who may be spewing badness that you only see as syntax error, but some packets may have OK syntax and bad contents. This may be doomed to the neverending debate category, but I feel fairly strongly that I'd at least like a knob that makes NOTIFY not kill sessions (but you'd probably need to twist it it at both ends of the session). : Why don't SWIP forms include Origin-AS? Ahem. Origin-AS(s) - plural. Agreed - mildly. Of course, SWIP isn't updated when delegation info changes, so origin AS(s) would get just as stale as contact info. Avi
Re: BGP to doom us all
On Sun, 2 Mar 2003, Avi Freedman wrote: In article [EMAIL PROTECTED] The Great Sean wrote: ^^ : I'll be stupid, and ask some questions I've always wondered about. : Why should routes learned by eBGP have a higher priority than iBGP? Love to know myself. Consider the situation where two routers have an external path to a destination, but they both prefer the path over the other. This can create routing loops and BGP instability as routers keep revoking and reannouncing their external routes over iBGP. However, the external first rule is a relatively weak one, as it only kicks in when the BGP route selection algorithm can't decide which route is better. If you use the local preference, AS path or multi-exit discriminator to prefer one of the BGP routes, all routers will use this one, regardless of whether they learn it over eBGP or iBGP.
Re: BGP to doom us all
On Fri, 28 Feb 2003, Vadim Antonov wrote: Thank you very much, but no. DNS (and DNSSEC) relies on working IP transport for its operation. Doesn't sBGP also have this problem? A catch-22 where you have to have good routing to get good routing? Or did I miss something? Now you effectively propose to make routing (and so operation of IP transport) dependent on DNS(SEC). Am I the only one who sees the problem? --vadim PS. The only sane method for routing info validation I've seen so far is the plain old public-key crypto signatures. On 1 Mar 2003, Paul Vixie wrote: It wouldn't be too hard for me to trust: 4969.24.origin.0.254.200.10.in-addr.arpa returning something like true. to check whether 4969 is allowed to originaate 10.200.254.0/24. ... at last, an application for dnssec!
Re: Who uses RADB? [was BGP to doom us all]
On Saturday, Mar 1, 2003, at 11:28 America/Vancouver, [EMAIL PROTECTED] wrote: It doesnt cost a million dollars to have access to a RR, its somewhat less! You pay for your domains you pay for your IPs you pay for your ASN you pay for your SSL, so why be shocked you pay a little for this too? And if everyone filters your prefixes that will be operational value enough to join! Because it provides me *no* service what so ever. Then don't use it. Surely this is not rocket science. What does a RADB tell you about a non-transit network that you can't see It tells you who it belongs to, where it should be coming from, possibly contact details. Presuming that it is correct, which it is NOT in a large percentage of cases. So again, why am I paying to someone to provide me incorrect information? You're not. You're paying to provide other people with information about you. Retrieving other peoples' incorrect information is free. Joe
Have address space? You too can make policy.
After running into some frustration trying to move forward some issues in ARIN, it has come to my attention that many IP space holders to not know they can participate in the process. To that end, if you have IP space, but have not followed ARIN issues before I invite you to read online or subscribe to their Public Policy Mailing List (PPML): http://www.arin.net/mailing_lists/index.html#ppml Many issues that affect smaller ISPs are being decided by the large ISPs, only because they often are the only ones with people participating in the process. Don't let that happen! -- Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - [EMAIL PROTECTED], www.tmbg.org pgp0.pgp Description: PGP signature
Re: Have address space? You too can make policy.
Leo Bicknell wrote: After running into some frustration trying to move forward some issues in ARIN, it has come to my attention that many IP space holders to not know they can participate in the process. To that Or gave up some years ago at the time of board problems. end, if you have IP space, but have not followed ARIN issues before I invite you to read online or subscribe to their Public Policy Mailing List (PPML): http://www.arin.net/mailing_lists/index.html#ppml Many issues that affect smaller ISPs are being decided by the large ISPs, only because they often are the only ones with people participating in the process. Don't let that happen! OK. Good idea. But, as far as I can tell, they only have browsable archives. (I like to check archives before joining and posting.) Any idea how to get the FTP'able standard mail file format? -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Re: Who uses RADB? [was BGP to doom us all]
On Sunday, Mar 2, 2003, at 14:06 America/Vancouver, [EMAIL PROTECTED] wrote: It doesnt cost a million dollars to have access to a RR, its somewhat less! You pay for your domains you pay for your IPs you pay for your ASN you pay for your SSL, so why be shocked you pay a little for this too? And if everyone filters your prefixes that will be operational value enough to join! Because it provides me *no* service what so ever. Then don't use it. Surely this is not rocket science. If it provides no service to me and the guy next block and another little ISP that is announcing some prefixes and a few large ISPs that announce quite a few prefixes you wont get the data that you need. I am sure you get the idea. Some people seem to have the idea that RADB-like services are only useful if every operator uses them, and every operator publishes accurate information. In my experience, that is not the case. The most common usefulness I have experienced out of the IRR is as an automated mechanism for publishing policy to adjoining ASes. Examples are BGP-speaking customers instructing their providers on how to filter their advertisements, and ASes filtering advertisements from their peers (which does happen, even if it's not common in the US). Whether or not non-adjoining ASes use the IRR at all, or use it well, is not relevant to this application. Generating route filters from the IRR via a small lump of script has the potential to be cheaper, quicker, more efficient and less customer-enraging than the common alternative approach of opening six different tickets with the NOC and sacrificing small animals for three weeks until the updates are made. Joe
Re: Who uses RADB? [was BGP to doom us all]
--- Joe Abley [EMAIL PROTECTED] wrote: Generating route filters from the IRR via a small lump of script has the potential to be cheaper, quicker, more efficient and less customer-enraging than the common alternative approach of opening six different tickets with the NOC and sacrificing small animals for three weeks until the updates are made. When I was at $LARGE_PROVIDER, I was working on a project to port all of the customer IP information over to route-objects for precicely this purpose: the goal was that customers would be able to update their filters automatically (and get rWHOIS for free - simplifying additional ARIN allocation requests). Sadly for that project, after I left, the little Ultra 5 was abandoned, and AFAIK is still sitting in my old lab, unused - and after the most recent (quarterly) staff-bloodletting, there certainly won't be resources to devote to a project like that. Sigh. = David Barak -fully RFC 1925 compliant- __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/