Re: How does one make not playing nice with each other scale?

  • From: Greg A. Woods
  • Date: Sat Jan 13 14:32:24 2001

[ On Saturday, January 13, 2001 at 13:25:39 (-0500), Mark Mentovai wrote: ]
> Subject: Re: How does one make not playing nice with each other scale? (Was:  net.terrorism)
> Another potential issue (this is purely theoretical, I'm not referring
> to any past, present, or future situation in particular) is that
> providers trying to blackhole a certain site for AUP violations may want
> to negatively impact reachability as much as possible, rather than
> purely keeping the offending traffic off their network.  These folks
> wouldn't want to advertise anti-routes because the resulting blackhole
> avoidance would encourage others to take working alternate paths, which
> does less harm to the site in question.

Ah ha!  Now I think you've put your finger on the *real* problem!  :-)

> Still, this may be a beneficial, even if little-used, addition.  Thoughts?

Well if these "anti-routes" really do have to be manually configured
then it's still not really scalable.  If their advertisement in the
routing protocols could somehow be automated and hard to disable then
maybe they'd obviously be of some use.

If the people using such "hidden" null routes are attributing their
invisibility to the fact that de-aggregating the block they are within
is difficult and/or bad then clearly an "anti-route" advertisement
mechanism would be a potential solution to that problem.  Whether it
makes life any easier on either side of the fence is the question, and
no doubt part of the answer depends on whether or not the users of
"hidden" null routes (or other forms of transit packet filtering) are in
fact willing to advertise (in a routing protocol sense) what they're
really doing so that their peers (in a networking sense) can make better
decisions about what to do with their traffic.

Clearly a "hidden" null route (or even a real packet filter dropping
packets for some subnet) does violate the advertisement of the larger
aggregate route, and from what I've seen there are lots of people who
are "surprised" (to say the least) to learn that they can't get packets
to these null-routed networks via an encompassing route advertised by
one of their upstreams.  Packets is packets boyz and goilz, and if
you're advertising transit across your borders but not actually
providing it then you're most definitely not a very good network
neighbour.  I.e. policy based routing should be either outlawed for
transit providers, or required to be clearly advertised in such a way
that network peers can automate their routing decisions based on
real-time policy changes within their peer's networks (but perhaps
that's another non-operational discussion!  :-).

