route filtering policies (from "split b" thread)

Stephen Griffin noc at ultra.net
Tue Jun 6 01:33:00 EDT 2000


In the referenced message, Mike Lieberman said:
> 
> > Mike,
> >
<snip>
> > How would you define exactly how to identify one of these
> > organizations?
> 
> Look I understand the frustration you are all having with this... but let's
> say ARIN sells /24's for $2.500/yr. You really need it for your home now?

Selling address space would be a _bad_ thing. Charging money to cover
allocation record-keeping is fine, since it doesn't convey "ownership".
We've already seen the perils with turning things into commodities
(cf the domain naming system).

> You need a router and bandwidth capable of full BGP. Vendors who will take
> your BGP.  You're not going to use ISDN, cable modems, xDSL or an inexpensive
> router. The cost alone if structured correctly can provide a reasonable
> self-selective system by which most networks won't want the costs or the
> hassles.

The costs of a cisco 25XX (which could handle 2 scaled-down bgp sessions
quite happily), 2 modems, and 2 phone lines is hardly prohibitive.

> I actually attended a meeting as a consultant to a company that will go
> unnamed. They have a /21 and there was a discussion about putting everything
> behind a firewall and using private IP. The head of their IT group pointed
> out that they would lose their ability to route their network as they were
> doing via BGP and would put the company at risk. That was the end of the
> discussion. Like I said early on in this discussion. You have two competing
> needs. Address space and routing tables. By not making a rational choice,
> you simply produce decisions that have adverse impacts.

The problem is that this entity runs the risk of forfeiture of _all_ of
their address space. I saw somewhere in this thread someone mentioning
a buy-back program for address space. That isn't necessary, since address
space is delegated, not sold. Theoretically ICANN, the RIRs and the
other registries (such as myself on behalf of my employer) have the right
to rescind any allocation we have jurisdiction over. Hopefully, this
is utilized extremely sparingly.

> I think you need to say OK, if you have multiple paths, the right router, you
> are willing to pay, then you get X address space and that WILL route,
> whether you need that much space or not. Set it low enough so that you can
> live with the waste and high enough so that tables don't break for the few
> who will pay for it (I think a /24 fits if the cost to get it is high
> enough). And then don't make the user justify the network need for the size
> of the block. The only justification comes if the request is for more
> numbers.

If you persist on BGP == redundancy, but that is hardly the only solution.

> > One of the issues being dealt with by ARIN and the other registries
> > is how to determine who has a legitimate need and who doesn't. Further
> > when we can determine who has a legitimate need, then we could actually
> > determine how many there might be and what the impact on the routing
> > table would be.  For example, ARIN would start seeing requests for
> > people like me who have a sizable network in their home and want
> > redundancy.  Should I get a globally routable /24?  My home network
> > is important.  (at least I think it is)  What if I need a /28?  Should
> > that be routed as well?
> >
> >     These are not necessarily small companies by annual revenues. They just
> >     don't have a need for more than a /24. The policies of the large vendors who
> >     insist on filtering, do more to serve the business objectives of those
> >     vendors, than they do to protect the scalability of the Internet.
> >
> > Most of the folks I know who filter do it to keep their networks
> > working and for no other reason.
> >
> > Thanks for your input.
> > ---CJ

If someone has a need to have their allocation globally routed, and can
justify a /24, they should request that it come from class C space to
have the highest likelihood of the route being heard. However, a /24 from
class A space (not counting like 24/8 64/8 etc) has a high likelihood of
being dropped. If the entity _can't_ justify a /24, then they need to
do something like colocate diverse machines with providers across the mesh,
with something like a dns trick to direct people to the various colocations.

5 Providers
3 having service machines (web/mx/whatever)
2 having dns machines which check reachability of machines and services
(dns boxes are supposed to be on different subnets anyways).

If you _need_ redundancy, then you do the above, and pay the associated
costs. It is highly unlikely that anyone is going to allow me to 
deaggregate 0/1 just so I can have redundancy at my house because
I "need" it, or at the bar down the street, or the law-firm down the block.
The size of the entity doesn't really matter much, whether it is just
me, or Shodan Heavy Industries. You either can justify the address space,
or you can not. If you can not, you still have options (number machines
out of allocations provided by each of your upstreams and dns-twiddle),
colocate around the mesh as noted above, where you even get geographical
diversity to avoid things like a backhoe or terrorist taking out both 
of your redundant links by cutting close to your building or blowing it
up. There are options which preserve engineering principles, conserve
address space, and provide redundancy. These are the things which
registries (whether RIRs or registries underneath them) should offer
up to entities which require redundancy.


Stephen

-- 
   Stephen A. Griffin                              RCN
Senior Development Engineer             Internet Planning & Design
 stephen.griffin at rcn.com              Network Deployment & Management
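
Added example, not part of the original post: a sketch of the classful prefix-length filtering the message describes, showing why a /24 from class C space is heard while a /24 from class A space is dropped. The per-class limits, the /24 limit for the 24/8 and 64/8 exceptions, and the sample announcements are assumptions constructed for illustration, not any provider's actual filter.

```python
import ipaddress

# Assumed, illustrative limits: longest prefix accepted per classful range.
# Not a real provider policy; only the relative strictness matters here.
CLASSFUL_LIMITS = [
    (ipaddress.ip_network("0.0.0.0/1"), 20),    # former class A space
    (ipaddress.ip_network("128.0.0.0/2"), 16),  # former class B space
    (ipaddress.ip_network("192.0.0.0/3"), 24),  # former class C space
]

# Class A blocks the post names as exceptions (24/8, 64/8).
# The /24 limit applied to them is an assumption.
EXCEPTIONS = [
    (ipaddress.ip_network("24.0.0.0/8"), 24),
    (ipaddress.ip_network("64.0.0.0/8"), 24),
]


def max_length(net):
    """Return the longest prefix length accepted for this network, or None."""
    for block, limit in EXCEPTIONS + CLASSFUL_LIMITS:
        if net.subnet_of(block):
            return limit
    return None  # class D/E space or a default route: never accepted


def accepted(prefix):
    """True if an announcement of this prefix passes the length filter."""
    net = ipaddress.ip_network(prefix, strict=True)
    limit = max_length(net)
    return limit is not None and net.prefixlen <= limit


def survivors(announcements):
    """Keep only the announcements the filter would let into the table."""
    return [p for p in announcements if accepted(p)]


# Constructed sample announcements, not taken from any routing table.
SAMPLE = [
    "12.0.0.0/8",       # class A aggregate: accepted
    "12.34.56.0/24",    # /24 from class A space: dropped
    "24.10.20.0/24",    # /24 inside the 24/8 exception: accepted
    "150.1.0.0/16",     # class B at its natural length: accepted
    "150.1.2.0/24",     # deaggregated class B: dropped
    "198.51.100.0/24",  # /24 from class C space: accepted
    "198.51.100.0/28",  # /28 from class C space: dropped
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p:18} {'accept' if accepted(p) else 'drop'}")
```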



More information about the ARIN-discuss mailing list