RE: Issue AS and Subnet Announcment on BGP - Conflict with a major TelCO - 30h+ of route flapping unresolved
Normally I'm rather loathe to send urls around - but in this case you may find this APNIC work directly relevant to what you are asking for: http://www.ripe.net/ripe/meetings/ripe-51/presentations/pdf/ripe51-address-certificate.pdf I also did some work a year or so back on the differences between announced vs allocated prefixes. http://www.potaroo.net/presentations/2004-05-01-allocation-vs-announcement.pdf At the time (May 2004) it appeared that the message was getting through and the fragmentation of allocations was decreasing. I have not re-reun the scripts recently to confirm if this is wtill the case. regards, Geoff At 05:06 AM 17/11/2005, Bora Akyol wrote: Maybe they should? Or at least provide a database that is signed so that people can check what is getting announced vs what was really allocated at least off line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Gucker Sent: Tuesday, November 15, 2005 9:06 PM To: Alain Hebert Cc: nanog@merit.edu Subject: Re: Issue AS and Subnet Announcment on BGP - Conflict with a major TelCO - 30h+ of route flapping unresolved snip . ARIN will not step in here. They allocate resources, they do not police or enforce those resources. charles
Re: Issue AS and Subnet Announcment on BGP - Conflict with a major TelCO - 30h+ of route flapping unresolved
Geoff Huston wrote: Normally I'm rather loathe to send urls around - but in this case you may find this APNIC work directly relevant to what you are asking for: http://www.ripe.net/ripe/meetings/ripe-51/presentations/pdf/ripe51-address-certificate.pdf It's really good to see this taking off in the APNIC region, but the big question: is there any movement in RIPE and ARIN!? A joint effort for this would be nice and also allow testing across the world. Also if the certs are deployed in APNIC I am sure that quite some ISP's on this side of the planet want to verify what is getting announced what they don't want to see ;) I found that the sig-ca mailinglist is a closed list. Greets, Jeroen PS: For people who didn't see it yet BGP - The Movie @ http://www.apnic.net/news/hot-topics/index.html#history signature.asc Description: OpenPGP digital signature
Re: Issue AS and Subnet Announcment on BGP - Conflict with a major TelCO - 30h+ of route flapping unresolved
At 05:57 AM 18/11/2005, Jeroen Massar wrote: Geoff Huston wrote: Normally I'm rather loathe to send urls around - but in this case you may find this APNIC work directly relevant to what you are asking for: http://www.ripe.net/ripe/meetings/ripe-51/presentations/pdf/ripe51-address-certificate.pdf It's really good to see this taking off in the APNIC region, but the big question: is there any movement in RIPE and ARIN!? Well the 'standard' answer is that the way to get your RIR to commit to a service is to actively advocate in the relevant forums in your local region that this is an important member service that needs some level of priority in terms of work schedules. However, it's also the case that this particular item has already attracted some detailed attention across the RIRs and there is considerable levels of liaison within the RIR's based around APNIC's committed schedule of activity. So if the regional policy forums say its a good thing to do and the RIR members say yes, its a really good thing, lets do it then doubtless you will see schedules and deliverables from all RIRs in relatively short order. So, as with any membership-based organization, its a two-way thing - the members have to also play their part in saying loudly and clearly what they want in terms of services. A joint effort for this would be nice and also allow testing across the world. Also if the certs are deployed in APNIC I am sure that quite some ISP's on this side of the planet want to verify what is getting announced what they don't want to see ;) I found that the sig-ca mailinglist is a closed list. We are certainly not planning for such a restricted outcome, and we at APNIC would definitely like to see this as a complete service across all RIRs, of course. regards, Geoff
Re: Issue AS and Subnet Announcment on BGP - Conflict with a major TelCO - 30h+ of route flapping unresolved
J On Nov 16, 2005, at 12:15 AM, Alain Hebert wrote: Thanks. ( There is more interesting details but I will reserve myself. (; ) We're already working on making contact with the upstreams, but you're right I forgot about making more specific announcement. Thanks again. Just don't be too surprised if... A. Your vendors blocks more specifics from you. B. No one listens to your more specifics because they are TOO specific. C. You contribute just a little bit more to the de-aggregation of the Internet (tongue in cheek). Regards, Blaine
Re: Issue AS and Subnet Announcment on BGP - Conflict with a major TelCO - 30h+ of route flapping unresolved
Hi, A. Yeap we got the ok B. I used /21 instead C. Once that TelCo stop being a child we'll be back to /20, I'll like to keep it clean. FYI: We had excellent support from the peers of that TelCo, so the matters should be resolved today and the subnet back to be announced in his origial form. Have fun... Blaine Christian wrote: J On Nov 16, 2005, at 12:15 AM, Alain Hebert wrote: Thanks. ( There is more interesting details but I will reserve myself. (; ) We're already working on making contact with the upstreams, but you're right I forgot about making more specific announcement. Thanks again. Just don't be too surprised if... A. Your vendors blocks more specifics from you. B. No one listens to your more specifics because they are TOO specific. C. You contribute just a little bit more to the de-aggregation of the Internet (tongue in cheek). Regards, Blaine -- Alain Hebert[EMAIL PROTECTED] PubNIX Inc. P.O. Box 175 Beaconsfield, Quebec H9W 5T7 tel 514-990-5911 http://www.pubnix.netfax 514-990-9443
RE: Issue AS and Subnet Announcment on BGP - Conflict with a major TelCO - 30h+ of route flapping unresolved
Maybe they should? Or at least provide a database that is signed so that people can check what is getting announced vs what was really allocated at least off line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Gucker Sent: Tuesday, November 15, 2005 9:06 PM To: Alain Hebert Cc: nanog@merit.edu Subject: Re: Issue AS and Subnet Announcment on BGP - Conflict with a major TelCO - 30h+ of route flapping unresolved snip . ARIN will not step in here. They allocate resources, they do not police or enforce those resources. charles
Re: Issue AS and Subnet Announcment on BGP - Conflict with a major TelCO - 30h+ of route flapping unresolved
On Tue, Nov 15, 2005 at 11:46:35PM -0500, Alain Hebert wrote: Hi, I know somebody that is experiencing route flapping for more than a day now and we found out 10h ago that it was due to the announcement of his subnet by a major TelCO. Once that telco contacted, we got the run around for 10h now and no willingness from their part to fix the problem immediately. Well, a 'normal' solution (short term) would be to announce more specific announcements of your address space, then contact said Telco's upstream providers to have your prefix filtered from their connection(s). A nicely worded (polite) email/fax would go a long way with the NOC. This is of course, if they are not returning your calls, or as you say giving you the run around. I would also try to find a sympathetic body at the telco to help to properly resolve the issue, so you can go back to announcing only your aggregate netblock. We're wondering what is the proper process to make the TelCo correct their behavior and cooperate? (ARIN Conflict Resolution Process, etc ... We found nothing about this situation) ARIN will not step in here. They allocate resources, they do not police or enforce those resources. charles
Re: Issue AS and Subnet Announcment on BGP - Conflict with a major TelCO - 30h+ of route flapping unresolved
Thanks. ( There is more interesting details but I will reserve myself. (; ) We're already working on making contact with the upstreams, but you're right I forgot about making more specific announcement. Thanks again. Charles Gucker wrote: On Tue, Nov 15, 2005 at 11:46:35PM -0500, Alain Hebert wrote: Hi, I know somebody that is experiencing route flapping for more than a day now and we found out 10h ago that it was due to the announcement of his subnet by a major TelCO. Once that telco contacted, we got the run around for 10h now and no willingness from their part to fix the problem immediately. Well, a 'normal' solution (short term) would be to announce more specific announcements of your address space, then contact said Telco's upstream providers to have your prefix filtered from their connection(s). A nicely worded (polite) email/fax would go a long way with the NOC. This is of course, if they are not returning your calls, or as you say giving you the run around. I would also try to find a sympathetic body at the telco to help to properly resolve the issue, so you can go back to announcing only your aggregate netblock. We're wondering what is the proper process to make the TelCo correct their behavior and cooperate? (ARIN Conflict Resolution Process, etc ... We found nothing about this situation) ARIN will not step in here. They allocate resources, they do not police or enforce those resources. charles -- Alain Hebert[EMAIL PROTECTED] PubNIX Inc. P.O. Box 175 Beaconsfield, Quebec H9W 5T7 tel 514-990-5911 http://www.pubnix.netfax 514-990-9443
