<div dir="ltr"><br><div>Having had time now to catch up on the background by watching the recording of the presentation and Heather's detailed objections -</div><div><br></div><div>I support the policy change as written.</div>
<div><br></div><div>Further, I believe it was somewhat irresponsible for ARIN and the other RIRs to have issued these LOAs without having consulted the community beforehand, and would like to hear why and under what detailed justification it was done. That it was technically in compliance with 11.7 as it stands today seems operationally unwise.</div>
<div><br></div><div>I would have liked to have had ARIN et al push back and do a pre-issuing public commentary period. Further, I am concerned that Merit's upstreams accepted the LOAs without asking about a public commentary.</div>
<div><br></div><div>Frankly, given the prosecutions of individuals for various IP attacks in V4 space, did you even get attorneys to check as to whether this might approach criminal behavior, much less operationally unwise? Merit and even ARIN seem to have been potentially exposed to both civil and criminal liability over this.</div>
<div><br></div><div>There seems to have been an undercurrent of "But Geoff's been doing this with APNIC forever..." justifying it being reasonable to do to the rest of us. What was acceptable there is not by extension acceptable everywhere, though it does suggest that further research over there was probably more acceptable than the equivalents in ARIN and other space.</div>
<div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Mar 28, 2014 at 6:09 PM, George Herbert <span dir="ltr"><<a href="mailto:george.herbert@gmail.com" target="_blank">george.herbert@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">However, reading the paper, the "AR" (allocated+routed) traffic they received, 35% or so, covered traffic which theoretically should have been routed more specifically but their covering prefix effectively captured instead.<div>
<br></div><div>I.e., oops.</div><div><br></div><div>One can presume that this traffic that showed at least mid-stream sessions (and not SYNs) was for prefixes where "upstreams" had a more-specific route that hadn't propagated down to Merit's direct upstreams, for some reason. 88% of the total traffic (if I read it right) was SYN (12%) or SYNACK (76%) in the 3-month dataset, mostly on ports 80 and 443. I.e., valid destination webserver trying to establish the handshake unable to find a route back to a (theoretically properly allocated and routed) source.</div>
<div><br></div><div>At the very least this raises a question as to whether it's wise to allow such experiments, where a significant amount of apparently valid traffic (allocated, and for which routing info was identified in further research) gets effectively MITMed as it flows.</div>
<div><br></div><div>That may not have been the intention; the theory that "oh, more specific will just override our research announcement" is colorable. But the actual data shows the assumption fails; they did intercept a lot of legit (or apparently legit) traffic. Hence, oops, and perhaps we should not let this happen again.</div>
<div><br></div></div><div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">On Fri, Mar 28, 2014 at 10:05 AM, David Farmer <span dir="ltr"><<a href="mailto:farmer@umn.edu" target="_blank">farmer@umn.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On 3/28/14, 11:57 , Bill Buhler wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
So if my understanding is correct, they basically performed a routing<br>
man in the middle attack on live IPv6 prefixes. Pardon my understanding<br>
level, but how did they keep from creating routing loops and service<br>
interruptions. I’m also a little concerned about performance and link<br>
loads. Are my concerns legitimate and in line?<br>
<br>
Thanks,<br>
<br>
--Bill<br>
</blockquote>
<br></div>
This absolutely WAS NOT an attack. They announced a covering prefix; only traffic with no more specific route would follow this route. Think more specific default route.<div><div><br>
<br>
<br>
-- <br>
================================================<br>
David Farmer Email: <a href="mailto:farmer@umn.edu" target="_blank">farmer@umn.edu</a><br>
Office of Information Technology<br>
University of Minnesota<br>
2218 University Ave SE Phone: <a href="tel:1-612-626-0815" value="+16126260815" target="_blank">1-612-626-0815</a><br>
Minneapolis, MN 55414-3029 Cell: <a href="tel:1-612-812-9952" value="+16128129952" target="_blank">1-612-812-9952</a><br>
================================================<br>
_______________________________________________<br>
PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="http://lists.arin.net/mailman/listinfo/arin-ppml" target="_blank">http://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br>-george william herbert<br><a href="mailto:george.herbert@gmail.com" target="_blank">george.herbert@gmail.com</a>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>-george william herbert<br><a href="mailto:george.herbert@gmail.com">george.herbert@gmail.com</a>
</div>