[ppml] Effects of explosive routing table growth on ISP behavior

Stephen Sprunk stephen at sprunk.org
Thu Nov 1 15:33:10 EDT 2007

Thus spake "Jon Lewis" <jlewis at lewis.org>
> On Thu, 1 Nov 2007, Stephen Sprunk wrote:
>> It'd be really nice if someone would produce a tool that would auto-
>> create filter lists that would permit N-bit deaggregates of each
>> block assigned by the RIRs.  As long as a covering aggregate
>> was announced, each network could tune N to keep their routers
>> from falling over.
> That's a little hard to automate since not all the RIRs post the necessary 
> info in easy to programatically grab ways.  Most do.
> Besides, given that the RIR minimum allocations in each /8 are
> reasonably static, do you really need this filter to be regularly auto-
> generated?

Yes, because actual allocation/assignment sizes vary over time even if the 
minima do not.  You could design it to trade off zero false positives for a 
reasonable number of false negatives, but you'd still want to update it at 
least monthly.

> If you use the one I posted to nanog a few weeks ago, it'll block all
> the "smaller than minimum"-RIR routes for the /8's known at the time
> the filter was written.

Smaller-than-minimum is a good start.  Smaller-than-actual is better, or at 
least solves a different problem.  All one has to do is look at the CIDR 
Report to see that many folks with /14s to /18s are deaggregating down to 
/20s and /24s.  Those deaggregates are in /8s with minima of /20 and /24, so 
a smaller-than-minima filter won't catch them -- but they're clogging up 
tens of thousands of routing slots all over the world.

Also, I do have some tolerance for deaggregates, as long as the covering 
aggregate is provided.  How much that tolerance is (i.e. the value of N) 
will depend on how close my routers are to falling over this week.  In fact, 
N may even be a function of how many AS hops they are from me: deaggregates 
from India or somewhere else 5+ hops away don't particularly interest me, 
but ones from here in the US/Canada may.  In fact, if someone were assigned 
a /24 here, I might want their /27s; I don't want /24s (or even /14s) from 
someone further away with a /10 -- as long as that /10 makes it to me.

> The problem is clueless networks deaggregating and not
> announcing covering CIDRs.  There's lots of them.  I'm considering
> setting up a web site and possibly a DNSBL-style DNS zone that
> would allow people to look up "their IP" and see if "their ISP is
> without clue".  The idea being to make it easy for people to realize
> their web sites, mail servers, whatever are being run by networks
> abusing the DFZ and are at risk of falling off the internet when
> networks start filtering based on RIR minimum allocations.

Interesting idea, but the audience you're trying to clue in won't show up 
until they get filtered out of the DFZ and are wondering why -- if ever.


Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking 

More information about the ARIN-PPML mailing list