Re: Fw: Protocol Action: 'BGP Support for Four-octet AS Number Space' to Proposed Standard

2007-03-09 Thread Randy Bush

> The IESG has approved the following document:
> 
> - 'BGP Support for Four-octet AS Number Space '
> as a Proposed Standard

cool.  the rirs implemented it last year.

randy


Fw: Protocol Action: 'BGP Support for Four-octet AS Number Space' to Proposed Standard

2007-03-09 Thread Steven M. Bellovin



Begin forwarded message:

Date: Fri, 09 Mar 2007 16:34:36 -0500
From: The IESG <[EMAIL PROTECTED]>
To: IETF-Announce
Cc: idr mailing list, idr chair <[EMAIL PROTECTED]>, Internet Architecture Board, RFC Editor
Subject: Protocol Action: 'BGP Support for Four-octet AS Number Space' to Proposed Standard


The IESG has approved the following document:

- 'BGP Support for Four-octet AS Number Space '
as a Proposed Standard

This document is the product of the Inter-Domain Routing Working Group. 

The IESG contact persons are Bill Fenner and Ross Callon.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-idr-as4bytes-13.txt

Technical Summary
 
   Currently the Autonomous System number is encoded as a two-octet
   entity in BGP. This document describes extensions to BGP to carry the
   Autonomous System number as a four-octet entity.

   Based on historical and current allocation rates, the range available
   to two-octet AS numbers is expected to run out in 2010.

Working Group Summary
 
 This is a long-standing work item for the working group, with the
 first draft being published in February 2001.

 The approach described in the draft to support 4 Byte AS numbers
 is one of no change to BGP in terms of protocol in all but one
 aspect: The OPEN message uses a 4-Byte capability advertisement
 and the use of a 2 Byte MyAS field value. In all other respects
 there is no change to the protocol elements of BGP, other than
 using 4 bytes where ASs are used.

 The other substantive topic of the draft is in the interoperation
 of 4-Byte AS speakers with 2-Byte AS speakers.

 The OPEN message with capability advertisement has attracted one
 comment that this is contrary to RFC3392, however a detailed
 analysis of this comment has not led to substantiation of this
 comment.  Using this as a dynamic capability rather than an OPEN
 capability was raised as a comment, with the response that there
 is no reason to make the capability dynamic in this case.

 The tunnelling technique of using an opaque transitive community
 attribute to carry the 4-Byte AS Path attracted some comment. The
 comment was concerned with the reconstruction of the 4-Byte AS
 path across a 2-to-4 byte BGP boundary, where the algorithm for
 the reconstruction was, in some comments, not sufficiently
 well-defined.

 However it is also the case that the critical elements of the role
 of the AS Path are adequately described in the draft. The AS path
 length is used as a metric in the BGP path selection process, and
 the AS path itself is used for loop prevention. The draft
 specifies that the reconstruction of the AS path across a 2-byte
 to 4-byte AS transition should preserve the AS path length. The
 draft does not cover every possible eventuality of reconstruction
 of the 4-byte AS path, but a closer examination of the loop
 detection issue reveals that loops that may occur across a mixed 2
 Byte / 4 Byte path are detectable within one iteration of the loop
 within the 2-Byte component of the mixed loop path in all
 circumstances. Accordingly, both the use of the AS path length as
 a path metric and the use of the AS path as a loop detection
 mechanism are preserved in this approach, even though the draft is
 not definitive in describing the AS path reassembly algorithm in
 every possible eventuality. In other words the draft contains the
 necessary and sufficient minimum set of properties for AS path
 reconstruction, leaving the precise algorithm up to the
 implementation. This approach is not seen as impairing the
 functionality, interoperability or integrity of BGP, either within
 the context of the individual peering session or in the context of
 the broader IDR framework.

 A comment was raised that on-the-wire inspection of BGP updates
 would not know in all cases whether they were seeing 2-byte or
 4-byte AS BGP updates. The BGP update contains no additional
 control flags, and unless the on-the-wire device collects the
 initial OPEN message with the capability negotiation then the
 information as to 2-byte or 4-byte AS updates is not explicit. It
 has been noted that heuristics could be readily applied here, and
 the presence of the reserved 2-byte AS value 0 in the AS path is
 one indicator that the monitor is applying a 2-byte interpretation
 to a 4-byte BGP update.

 There were no other approaches referenced in the working group
 during Last Call, and the choice of this draft as representing one
 that is backwards compatible with existing BGP appears to have
 been an obvious choice to the working group.

 The IETF Last call comments concerned the RFC3392 Capability
 Advertisement examination of these comments indicates that the
 concern
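
An added example, not part of the IESG announcement or the draft: a passive monitor's width check for a captured AS_PATH attribute value, using the AS 0 indicator mentioned in the working group summary. It goes beyond that one indicator by also rejecting interpretations that do not split into whole segments; the function names and sample bytes are constructed for illustration, and the segment layout (type octet, count octet, AS numbers) is that of the base BGP specification.

```python
import struct

SEGMENT_TYPES = {1, 2, 3, 4}  # AS_SET, AS_SEQUENCE and the two confederation types

def parse_as_path(value: bytes, width: int):
    """Parse an AS_PATH attribute value whose AS numbers are `width` octets wide.

    Returns [(segment_type, [asn, ...]), ...]; raises ValueError when the bytes
    do not divide into whole segments at that width.
    """
    fmt = {2: "!H", 4: "!I"}[width]
    segments, off = [], 0
    while off < len(value):
        if len(value) - off < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[off], value[off + 1]
        off += 2
        end = off + count * width
        if seg_type not in SEGMENT_TYPES or count == 0 or end > len(value):
            raise ValueError("not a valid segment at this width")
        segments.append((seg_type, [struct.unpack_from(fmt, value, p)[0]
                                    for p in range(off, end, width)]))
        off = end
    return segments

def check_width(value: bytes, width: int) -> str:
    """Classify one interpretation of the bytes: 'ok', 'as0' or 'malformed'."""
    try:
        segments = parse_as_path(value, width)
    except ValueError:
        return "malformed"
    # The indicator named in the announcement: reserved AS 0 in the decoded path.
    if any(asn == 0 for _, asns in segments for asn in asns):
        return "as0"
    return "ok"

def infer_width(value: bytes):
    """Return 2 or 4 when exactly one interpretation survives, else None."""
    ok = [w for w in (2, 4) if check_width(value, w) == "ok"]
    return ok[0] if len(ok) == 1 else None

def encode(asns, width):
    """Build a one-segment AS_SEQUENCE (constructed sample input, not a capture)."""
    return bytes([2, len(asns)]) + b"".join(a.to_bytes(width, "big") for a in asns)

# Constructed samples using documentation-range AS numbers.
OLD_SPEAKER = encode([64496, 64497, 64498], 2)
NEW_SPEAKER = encode([64496, 65551, 64498], 4)
# Corner case: splits into whole 2-octet segments, so only AS 0 gives it away.
TRICKY = encode([64496, 0x0201FDE8], 4)

if __name__ == "__main__":
    for name, sample in (("old", OLD_SPEAKER), ("new", NEW_SPEAKER), ("tricky", TRICKY)):
        print(name, {w: check_width(sample, w) for w in (2, 4)}, infer_width(sample))
```

When `infer_width` returns None the bytes alone do not settle the question, and the monitor needs the capability exchange from the session's OPEN messages.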

Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons

2007-03-09 Thread Sean Donelan


On Tue, 6 Mar 2007, Mikael Abrahamsson wrote:
> Customer gets hacked, one of their boxen starts spewing traffic with spoofed
> addresses. The way I understand your solution is to automatically shut their
> port and disrupt all their traffic, and have them call customer support to
> get any further.
>
> Do you really think this is a good solution?
>
> I don't see any customer with a choice continuing having a relationship with
> me if I treat them like that. It will cost me and them too much.
>
> So instead I just drop their spoofed traffic and if they call and say that
> their line is slow, I'll just say it's full and they can themselves track
> down the offending machine and shut it off to solve the problem.


Compromised systems rarely have one thing wrong with them, and delaying
the pain just makes things worse.

Drop spoofed traffic, and they send non-spoofed packets.
Block port 25, and they send slammer on port 1434
Block messenger port 1025, and they send DNS DOS on port 53
Block irc bots port 6667, and they send VOIP spam port 5060
and so on and so on.


   The fast-spreading virus infected as many as 200 county computers
   Wednesday, and technicians shut down the entire network for Anne
   Arundel offices for more than 24 hours.

http://msmvps.com/blogs/donna/archive/2006/02/12/83332.aspx
   One day last year, things started going haywire at Northwest Hospital
   and Medical Center. Key cards would no longer open the operating-room
   doors; computers in the intensive-care unit shut down; doctors' pagers
   wouldn't work.

   It turns out the Seattle hospital's computers -- along with up to 50,000
   others across the country -- had been turned into an army of robots
   controlled by 20-year-old

Caused by "known" vulnerabilities with patches available, but the
customers decided it wasn't "important" enough to take action before
they lost everything.

Is it really customer service to avoid the issue?


Weekly Routing Table Report

2007-03-09 Thread Routing Analysis Role Account

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to [EMAIL PROTECTED]

For historical data, please see http://thyme.apnic.net.

If you have any comments please contact Philip Smith <[EMAIL PROTECTED]>.

Routing Table Report   04:00 +10GMT Sat 10 Mar, 2007

Analysis Summary


BGP routing table entries examined: 214049
Prefixes after maximum aggregation: 114981
Deaggregation factor: 1.86
Unique aggregates announced to Internet: 104232
Total ASes present in the Internet Routing Table: 24567
Origin-only ASes present in the Internet Routing Table: 21391
Origin ASes announcing only one prefix: 10326
Transit ASes present in the Internet Routing Table: 3176
Transit-only ASes present in the Internet Routing Table: 73
Average AS path length visible in the Internet Routing Table: 3.6
Max AS path length visible: 32
Max AS path prepend of ASN (35816)   23
Prefixes from unregistered ASNs in the Routing Table: 5
Unregistered ASNs in the Routing Table: 6
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 12
Number of addresses announced to Internet: 1685938700
Equivalent to 100 /8s, 125 /16s and 98 /24s
Percentage of available address space announced: 45.5
Percentage of allocated address space announced: 62.5
Percentage of available address space allocated: 72.8
Total number of prefixes smaller than registry allocations: 110890

APNIC Region Analysis Summary

Prefixes being announced by APNIC Region ASes: 48817
Total APNIC prefixes after maximum aggregation: 19649
APNIC Deaggregation factor: 2.48
Prefixes being announced from the APNIC address blocks: 45908
Unique aggregates announced from the APNIC address blocks: 20798
APNIC Region origin ASes present in the Internet Routing Table: 2888
APNIC Region origin ASes announcing only one prefix: 777
APNIC Region transit ASes present in the Internet Routing Table: 424
Average APNIC Region AS path length visible: 3.7
Max APNIC Region AS path length visible: 16
Number of APNIC addresses announced to Internet: 286620800
Equivalent to 17 /8s, 21 /16s and 124 /24s
Percentage of available APNIC address space announced: 71.0

APNIC AS Blocks        4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911
APNIC Address Blocks   58/7, 60/7, 116/6, 120/6, 124/7, 126/8, 202/7
                       210/7, 218/7, 220/7 and 222/8

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes: 104481
Total ARIN prefixes after maximum aggregation: 61409
ARIN Deaggregation factor: 1.70
Prefixes being announced from the ARIN address blocks: 76505
Unique aggregates announced from the ARIN address blocks: 29663
ARIN Region origin ASes present in the Internet Routing Table: 11386
ARIN Region origin ASes announcing only one prefix: 4353
ARIN Region transit ASes present in the Internet Routing Table: 1045
Average ARIN Region AS path length visible: 3.4
Max ARIN Region AS path length visible: 21
Number of ARIN addresses announced to Internet: 320403072
Equivalent to 19 /8s, 24 /16s and 246 /24s
Percentage of available ARIN address space announced: 70.7

ARIN AS Blocks         1-1876, 1902-2042, 2044-2046, 2048-2106
(pre-ERX allocations)  2138-2584, 2615-2772, 2823-2829, 2880-3153
                       3354-4607, 4865-5119, 5632-6655, 6912-7466
                       7723-8191, 10240-12287, 13312-15359, 16384-17407
                       18432-20479, 21504-23551, 25600-26591,
                       26624-27647, 29696-30719, 31744-33791
                       35840-36863, 39936-40959
ARIN Address Blocks    24/8, 63/8, 64/5, 72/6, 76/8, 96/6, 199/8, 204/6,
                       208/7 and 216/8

RIPE Region Analysis Summary


Prefixes being announced by RIPE Region ASes: 44348
Total RIPE prefixes after maximum aggregation: 28880
RIPE Deaggregation factor: 1.54
Prefixes being announced from the R

The Cidr Report

2007-03-09 Thread cidr-report

This report has been generated at Fri Mar  9 21:47:13 2007 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org/as4637 for a current version of this report.

Recent Table History
Date      Prefixes  CIDR Agg
02-03-07  210831    136622
03-03-07  210864    136583
04-03-07  210952    136569
05-03-07  210930    136684
06-03-07  211107    136782
07-03-0726  136889
08-03-07  211400    136796
09-03-07  211361    136971


AS Summary
 24481  Number of ASes in routing system
 10318  Number of ASes announcing only one prefix
  1485  Largest number of prefixes announced by an AS
AS7018 : ATT-INTERNET4 - AT&T WorldNet Services
  90546432  Largest address span announced by an AS (/32s)
AS721  : DISA-ASNBLK - DoD Network Information Center


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 09Mar07 ---
ASnum    NetsNow NetsAggr  NetGain  % Gain  Description

Table     211630   136960    74670   35.3%  All ASes

AS4323      1324      356      968   73.1%  TWTC - Time Warner Telecom, Inc.
AS4134      1251      316      935   74.7%  CHINANET-BACKBONE No.31,Jin-rong Street
AS4755      1084      180      904   83.4%  VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
AS9498       960       92      868   90.4%  BBIL-AP BHARTI BT INTERNET LTD.
AS6478      1130      386      744   65.8%  ATT-INTERNET3 - AT&T WorldNet Services
AS22773      729       48      681   93.4%  CCINET-2 - Cox Communications Inc.
AS11492      992      358      634   63.9%  CABLEONE - CABLE ONE
AS8151      1071      451      620   57.9%  Uninet S.A. de C.V.
AS18566      996      381      615   61.7%  COVAD - Covad Communications Co.
AS17488      612       58      554   90.5%  HATHWAY-NET-AP Hathway IP Over Cable Internet
AS19262      715      182      533   74.5%  VZGNI-TRANSIT - Verizon Internet Services Inc.
AS6197      1030      506      524   50.9%  BATI-ATL - BellSouth Network Solutions, Inc
AS7018      1485      976      509   34.3%  ATT-INTERNET4 - AT&T WorldNet Services
AS18101      530       28      502   94.7%  RIL-IDC Reliance Infocom Ltd Internet Data Centre,
AS19916      568       97      471   82.9%  ASTRUM-0001 - OLM LLC
AS17676      503       65      438   87.1%  JPNIC-JP-ASN-BLOCK Japan Network Information Center
AS15270      507       73      434   85.6%  AS-PAETEC-NET - PaeTec.net -a division of PaeTecCommunications, Inc.
AS4766       731      314      417   57.0%  KIXS-AS-KR Korea Telecom
AS4812       435       71      364   83.7%  CHINANET-SH-AP China Telecom (Group)
AS2386      1094      741      353   32.3%  INS-AS - AT&T Data Communications Services
AS721        629      279      350   55.6%  DISA-ASNBLK - DoD Network Information Center
AS3602       521      183      338   64.9%  AS3602-RTI - Rogers Telecom Inc.
AS5668       568      236      332   58.5%  AS-5668 - CenturyTel Internet Holdings, Inc.
AS16852      400       74      326   81.5%  BROADWING-FOCAL - Broadwing Communications Services, Inc.
AS7011       773      463      310   40.1%  FRONTIER-AND-CITIZENS - Frontier Communications, Inc.
AS7029       533      227      306   57.4%  WINDSTREAM - Windstream Communications Inc
AS33588      433      132      301   69.5%  BRESNAN-AS - Bresnan Communications, LLC.
AS14654      302        5      297   98.3%  WAYPORT - Wayport
AS6198       561      268      293   52.2%  B

BGP Update Report

2007-03-09 Thread cidr-report

BGP Update Report
Interval: 23-Feb-07 -to- 08-Mar-07 (14 days)
Observation Point: BGP Peering with AS4637

TOP 20 Unstable Origin AS
Rank ASN       Upds     %     Upds/Pfx    AS-Name
 1 - AS9583    20008  1.5%      22.9 -- SIFY-AS-IN Sify Limited
 2 - AS7015    15695  1.2%       4.0 -- CCCH-AS2 - Comcast Cable Communications Holdings, Inc
 3 - AS702     11158  0.8%      15.6 -- AS702 MCI EMEA - Commercial IP service provider in Europe
 4 - AS24731   10233  0.8%     243.6 -- ASN-NESMA National Engineering Services and Marketing Company Ltd. (NESMA)
 5 - AS17974   10176  0.8%      30.3 -- TELKOMNET-AS2-AP PT TELEKOMUNIKASI INDONESIA
 6 - AS20426    9925  0.8%    9925.0 -- PWC-AS - PriceWaterhouseCoopers, LLP
 7 - AS24086    8586  0.7%     408.9 -- ETC-AS-VN Electric Telecommunication Company
 8 - AS7545     8078  0.6%      15.0 -- TPG-INTERNET-AP TPG Internet Pty Ltd
 9 - AS721      7675  0.6%      15.9 -- DISA-ASNBLK - DoD Network Information Center
10 - AS5803     7487  0.6%      84.1 -- DDN-ASNBLK - DoD Network Information Center
11 - AS12654    7102  0.5%     191.9 -- RIPE-NCC-RIS-AS RIPE NCC RIS project
12 - AS8151     6682  0.5%       8.5 -- Uninet S.A. de C.V.
13 - AS8452     6623  0.5%      27.9 -- TEDATA TEDATA
14 - AS14522    6605  0.5%      49.3 -- Satnet
15 - AS4788     6448  0.5%      39.3 -- TMNET-AS-AP TM Net, Internet Service Provider
16 - AS25145    6006  0.5%     214.5 -- TEKNOTEL-AS tr.teknotel AS-Number
17 - AS4657     5971  0.5%      34.7 -- STARHUBINTERNET-AS Starhub Internet, Singapore
18 - AS9121     5616  0.4%       8.3 -- TTNET TTnet Autonomous System
19 - AS18809    5596  0.4%     107.6 -- Cable Onda
20 - AS701      5544  0.4%       5.7 -- UUNET - MCI Communications Services, Inc. d/b/a Verizon Business


TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASN       Upds     %     Upds/Pfx    AS-Name
 1 - AS20426    9925  0.8%    9925.0 -- PWC-AS - PriceWaterhouseCoopers, LLP
 2 - AS31594    2832  0.2%    2832.0 -- FORTESS-AS Fortess LLC Network
 3 - AS19580    1380  0.1%    1380.0 -- ZONETEL - ZONE TELECOM, INC.
 4 - AS33025    1206  0.1%    1206.0 -- QE-ASN-01 - Quinn Emanuel Urquhart Oliver & Hedges LLP
 5 - AS33797    1085  0.1%    1085.0 -- APIS-NET-AS Grupa Internetowa
 6 - AS39066    1980  0.1%     990.0 -- KREDYTBANKUA-AS Kredyt Bank (Ukraine) AS
 7 - AS31307     990  0.1%     990.0 -- YKYATIRIM YAPI KREDI YATIRIM
 8 - AS34378     900  0.1%     900.0 -- RUG-AS Razguliay-UKRROS Group
 9 - AS26113    1700  0.1%     850.0 -- TNS-ASN - Triware Networld Systems
10 - AS3043     3424  0.3%     684.8 -- AMPHIB-AS - Amphibian Media Corporation
11 - AS38151     660  0.1%     660.0 -- ENUM-AS-ID APJII-RD
12 - AS30707    1683  0.1%     561.0 -- SICOR-US-CA-IRVINE - SICOR Pharmaceuticals, Inc.
13 - AS13956    1080  0.1%     540.0 -- FUTUREDONTICS - Futuredontics Inc.
14 - AS17645    5299  0.4%     529.9 -- NTT-SG-AP ASN - NTT SINGAPORE PTE LTD
15 - AS4271     1008  0.1%     504.0 -- WORX - Networx
16 - AS33188    1004  0.1%     502.0 -- SCS-NETWORK-1 - Sono Corporate Suites
17 - AS29346     478  0.0%     478.0 -- HARDSOFTWAREHAUS viventu Systemhaus GmbH
18 - AS28746     439  0.0%     439.0 -- MSS-UK-AS Multimedia Strategic Solutions - UK
19 - AS17440    1756  0.1%     439.0 -- PRONET-AP Putrabu Rajasa Galuh, PT
20 - AS15251    1284  0.1%     428.0 -- GRAND-CENTRAL-STATION - Grand Central Station Internet Services, Inc.


TOP 20 Unstable Prefixes
Rank Prefix             Upds     % Origin AS -- AS Name
 1 - 155.201.48.0/21    9925  0.6%   AS20426 -- PWC-AS - PriceWaterhouseCoopers, LLP
 2 - 209.140.24.0/24    3416  0.2%   AS3043  -- AMPHIB-AS - Amphibian Media Corporation
 3 - 89.4.128.0/24      3382  0.2%   AS24731 -- ASN-NESMA National Engineering Services and Marketing Company Ltd. (NESMA)
 4 - 89.4.129.0/24      3211  0.2%   AS24731 -- ASN-NESMA National Engineering Services and Marketing Company Ltd. (NESMA)
 5 - 89.4.131.0/24      3071  0.2%   AS24731 -- ASN-NESMA National Engineering Services and Marketing Company Ltd. (NESMA)
 6 - 194.242.124.0/22   2832  0.2%   AS31594 -- FORTESS-AS Fortess LLC Network
 7 - 62.89.226.0/24     1829  0.1%   AS20663 -- INAR-VOLOGDA-AS Autonomous System of Vologda
 8 - 58.65.1.0/24       1684  0.1%   AS17645 -- NTT-SG-AP ASN - NTT SINGAPORE PTE LTD
 9 - 64.95.193.0/24     1672  0.1%   AS30707 -- SICOR-US-CA-IRVINE - SICOR Pharmaceuticals, Inc.
10 - 216.85.83.0/24     1595  0.1%   AS4323  -- TWTC - Time Warner Telecom, Inc.
11 - 202.136.182.0/24   1544  0.1%   AS17645 -- NTT-SG-AP ASN - NTT SINGAPORE PTE LTD
12 - 202.136.176.0/24   1543  0.1%   AS17645 -- NTT-SG-AP ASN - NTT SING