Evening all. This is a little long, ignore if you don't have an interest
in the exchange in Wellington.
On Thu, 17 Aug 2000, James Tyson wrote:
So, let me get this straight. He gets troubles when he receives routes
from you directly, and then again via the route server?
Yeah. Turns out he's running some horrible system based on gated.
Righto, so we're moving from "we're not peering coz the route servers are
broken" to "we're not peering coz we don't trust what comes from the
servers"? That's all good, we've had these discussions before, and
doubtless we'll have them again.
What we have been doing in the past (and what we are doing now, for that
matter) is to add our routes into the mix, but not learn anything from the
Indeed. Mighty prudent strategy.
I cannot allow routes from unknown and untrusted sources to be
injected into my AS unless stringent measures are undertaken on your
part to ensure the sanity of said advertisements.
I will however allow our network to learn routes from you if you are
able to give documented evidence that every route is under the strict
control of the WIX.
Here's the state of the WIX, as it's currently run. The WIX route servers
peer with about 35 other routers, about half of which are on private ASN,
and the rest have public AS numbers. Arbitrarily, I assume that the users
of private ASN are inept, and therefore I require that they give me a
manual list of prefixes they're going to announce, with which I filter
their incoming announcements. Equally arbitrarily, I assume that
organisations that have gone to the trouble of obtaining their own public
ASN have a certain degree of clue, and therefore I don't require that they
give me a list of prefixes before peering, although if they do provide a
prefix list I'll gladly filter their announcements with it. Generally,
all new peers added since about the start of this year have provided
prefix lists, and are being filtered.
I'm aware that this sounds random, and insecure, but historically, all
care, no responsibility has been the only way Citylink staff could run the
route servers, given the limited time resources available to us. On the
whole, it's worked pretty well, for a fairly organic construct.
So, at this stage, I can provide an accurate list of the prefixes being
originated from 9439, the Citylink AS (all private ASN get reoriginated
from 9439 as they pass through the route server), and if anybody wants
that list, I'll gladly provide. For the majority of the other ISPs that
advertise through the WIX route servers I don't currently know what
they're announcing, so you should treat them with whatever level of
scepticism you like. OTOH, I guess you could contact the administrators
of these ASN directly (all the usual suspects :-), and find out what
they're sending to the route servers, and filter for that.
That being said, I'll soon be working full time for Citylink, and will
have more time for documenting and managing the route reflectors,
including getting and publishing authoritative lists of all the prefixes
WIX peers plan to advertise, possibly by hand, or possibly through the
RADB or similar. I suspect this'll be a gradual process, as always.
In an effort to help, I am willing to send you a prefix-list of Xtra's
Sure, that'd be a grand way to start. If anybody else wants to send me
their list of prefixes that they're sending to the route servers, then
I'll add them to the list of prefixes we announce.
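
Added example, not part of the original post and not Citylink's configuration: the route-server acceptance policy described in the message above (mandatory prefix lists for private ASNs, optional ones for public ASNs, private ASNs re-originated from 9439), sketched in Python. Exact-match filtering, the function names, and the sample peers and prefixes are assumptions constructed for illustration.

```python
import ipaddress

WIX_AS = 9439                          # Citylink AS named in the post
PRIVATE_ASNS = range(64512, 65535)     # 16-bit private-use ASNs, 64512-65534

def vet(peer_asn, prefix, prefix_lists):
    """Apply the described policy to one announcement.

    Returns (accepted, origin_asn, reason). Exact-match filtering is an
    assumption; the post does not say whether more-specifics are allowed.
    """
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, None, "malformed prefix"
    private = peer_asn in PRIVATE_ASNS
    # Private-ASN routes are re-originated from the WIX AS by the route server.
    origin = WIX_AS if private else peer_asn
    allowed = prefix_lists.get(peer_asn)
    if allowed is None:
        if private:
            return False, None, "private ASN with no prefix list on file"
        return True, origin, "public ASN, unfiltered"
    if net in {ipaddress.ip_network(p) for p in allowed}:
        return True, origin, "matches prefix list"
    return False, None, "not in peer's prefix list"

def unvetted_origins(announcements, prefix_lists):
    """ASNs whose accepted routes were never checked against a list."""
    return sorted({asn for asn, pfx in announcements
                   if vet(asn, pfx, prefix_lists)[2] == "public ASN, unfiltered"})

# Constructed sample data: documentation prefixes and ASNs, not real WIX peers.
PREFIX_LISTS = {
    64512: ["192.0.2.0/24"],           # private ASN, list is mandatory
    64500: ["198.51.100.0/24"],        # public ASN that chose to supply a list
}
ANNOUNCEMENTS = [
    (64512, "192.0.2.0/24"),           # accepted, re-originated from 9439
    (64512, "203.0.113.0/24"),         # rejected: not on the list
    (64513, "203.0.113.0/24"),         # rejected: private ASN, no list
    (64500, "198.51.100.0/25"),        # rejected: more-specific, not exact
    (64501, "203.0.113.0/24"),         # accepted unfiltered: public, no list
    (64501, "203.0.113.1/24"),         # rejected: host bits set
]

if __name__ == "__main__":
    for asn, pfx in ANNOUNCEMENTS:
        print(asn, pfx, vet(asn, pfx, PREFIX_LISTS))
    print("unvetted:", unvetted_origins(ANNOUNCEMENTS, PREFIX_LISTS))
```

The list returned by `unvetted_origins` is the set of peers a downstream AS would still need to filter for itself, since the route server accepted their routes without a prefix list.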