Re: Fw: Where is the edge of the Internet?
Paul Vixie wrote:

here's what i came up with while trying to explain the edge elsewhere.

1 - Connection Taxonomy

1.1. The Internet is a network of networks, where the component networks are called Autonomous Systems (AS), each having a unique AS Number (ASN).

Even if this reflects the original intent of ASNs, it certainly does not fit current reality.

Let's call any set of networks under a unified administrative control an Autonomous Routing Domain (ARD). ARDs should not be confused with ASes (an implementation detail). They are distinct for these reasons:

1) Most ARDs do not have an ASN -- they are statically routed at the edge.
2) Many networks at the edge use private ASNs.
3) Many ARDs share a provider provided ASN -- RFC 2270.
4) Many ARDs are implemented with multiple ASNs. Internap is probably an extreme example. But even UUNet's global ARD (AS701, 702, 705 ...) reflects an implementation choice (one that Sprint does not seem to follow with 1239, for example).

---tim
Re: Fw: Where is the edge of the Internet?
1 - Connection Taxonomy

1.1. The Internet is a network of networks, where the component networks are called Autonomous Systems (AS), each having a unique AS Number (ASN).

Even if this reflects the original intent of ASNs, it certainly does not fit current reality.

it is (a) accurate to the original definition, and (b) relevant to finding the edge. everything else you added:

Let's call any set of networks under a unified administrative control an Autonomous Routing Domain (ARD). ARDs should not be confused with ASes (an implementation detail). They are distinct for these reasons:

1) Most ARDs do not have an ASN -- they are statically routed at the edge.
2) Many networks at the edge use private ASNs.
3) Many ARDs share a provider provided ASN -- RFC 2270.
4) Many ARDs are implemented with multiple ASNs. Internap is probably an extreme example. But even UUNet's global ARD (AS701, 702, 705 ...) reflects an implementation choice (one that Sprint does not seem to follow with 1239, for example).

...is also completely true, and points to a possible need to upgrade the terminology in general use. however, for the purpose of finding the edge, the original (and still officially current) definition of ASN will serve.
Fw: Where is the edge of the Internet?
address (as per your scenario). You look up the destination in the routing table, and don't find it. So we look in RFC792 on page 5:

If, according to the information in the gateway's routing tables, the network specified in the internet destination field of a datagram is unreachable, e.g., the distance to the network is infinity, the gateway may send a destination unreachable message to the internet source host of the datagram. In addition, in some networks, the gateway may be able to determine if the internet destination host is unreachable. Gateways in these networks may send destination unreachable messages to the source host when the destination host is unreachable.

- who does? the source is reachable...via BGP. its a valid internet address...

And you send that to the bogus source address *HOW*?

-- how what??...it still isnt a problem for the actual traffic, the source network may exist on a BGP router as being advertised from another AS ..but not on the edge router from where it uplinks ..as was being discussed here

Also, note the following:

Another case is when a datagram must be fragmented to be forwarded by a gateway yet the Don't Fragment flag is on. In this case the gateway must discard the datagram and may return a destination unreachable message.

Getting Path MTU Discovery to work is tough enough without some bozo network engineer assuming that asymmetric paths with unroutable endpoint addresses will actually work. Yeah, sure - the destination *MIGHT* have a route back, but if *you* don't have a route back, things will break in subtle ways.

--- suggest u read the thread... we were :

1. discussing a ip spoofed attacks
2. the network/ip may exist on a BGP running router as being advertised from another AS/ different ISP.. its still present on the internet, but its a BGP route, not an IGP route...although that network uplinks from ur network...whats the problem? where does all this cause a problem?

all ur edges will 0.0.0.0/0 to some bgp running router and the packet will get there..

..there are enuf asymmetric networks, i can assure of that... for one, you could simply try running a traceroute to some tracert sites from ur PC and a reverse trace from those servers to you ull find lots...
Re: Fw: Where is the edge of the Internet?
On Wed, 06 Nov 2002 01:27:21 +0530, alok [EMAIL PROTECTED] said:

- who does? the source is reachable...via BGP. its a valid internet address...

Hold that thought for a bit, and remember that at least *some* of us were discussing whether to drop packets if we *DONT* have a route to the source.

..there are enuf asymmetric networks, i can assure of that... for one, you could simply try running a traceroute to some tracert sites from ur PC and a reverse trace from those servers to you ull find lots...

And the point is, that even *WITH* an asymmetric route, that if I *DONT* have a route back to you *somehow*, it's probably time for me to toss the packet out the window. There's a distinction between "the route to the source goes out an interface other than the one the packet arrived on" and "there is no route to the source at all, via any interface".
Re: Fw: Where is the edge of the Internet?
Where is the edge of the Internet?

here's what i came up with while trying to explain the edge elsewhere.

1 - Connection Taxonomy

1.1. The Internet is a network of networks, where the component networks are called Autonomous Systems (AS), each having a unique AS Number (ASN).

1.2. Connections inside an AS are called Interior (or sometimes backbone), and their security policies are set according to local needs, usually based on business or technical requirements.

1.3. Connections between ASs are called Border (or sometimes peering), and their security policies are set bilaterally according to the joint needs of the interconnecting parties.

1.4. Connections between an AS and its traffic sources (generators) and traffic sinks (consumers) are called Edge (or sometimes customer), and their security policies are generally, by long standing tradition, nonexistent.

-- Paul Vixie
Re: Fw: Where is the edge of the Internet?
On Wed, 06 Nov 2002 01:27:21 +0530, alok [EMAIL PROTECTED] said:

- who does? the source is reachable...via BGP. its a valid internet address...

Hold that thought for a bit, and remember that at least *some* of us were discussing whether to drop packets if we *DONT* have a route to the source.

= you cant if its a valid internet address...can you?

..there are enuf asymmetric networks, i can assure of that... for one, you could simply try running a traceroute to some tracert sites from ur PC and a reverse trace from those servers to you ull find lots...

And the point is, that even *WITH* an asymmetric route, that if I *DONT* have a route back to you *somehow*, it's probably time for me to toss the packet out the window. There's a distinction between "the route to the source goes out an interface other than the one the packet arrived on" and "there is no route to the source at all, via any interface".

but that isnt the case here is it...some of ur internal core routers may not have every router running bgp, so what do u do for such scenarios..u default route it to a bgp router

im missing your point.
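
The two source checks contrasted in this thread ("no route to the source at all" versus "route exists but out a different interface"), and the effect of the 0.0.0.0/0 default route on an edge router, as an added example that is not part of any poster's message. The tables, interface names and the `rpf_check` function are hypothetical and model the decision only, not any vendor's implementation.

```python
import ipaddress

def build_fib(routes):
    """Turn (prefix, interface) pairs into a forwarding table."""
    return [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

def lookup(fib, addr):
    """Longest-prefix match: (network, interface), or None if nothing matches."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in fib if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def rpf_check(fib, src, in_ifc, mode="loose", allow_default=False):
    """Return 'accept' or 'drop' for a packet from `src` arriving on `in_ifc`.

    loose  : drop only when there is no route to the source via any interface.
    strict : additionally drop when the route points out another interface.
    allow_default : whether a 0.0.0.0/0 match counts as "having a route".
    """
    route = lookup(fib, src)
    if route is not None and route[0].prefixlen == 0 and not allow_default:
        route = None                      # only the default matched: treat as no route
    if route is None:
        return "drop"                     # no route to the source at all
    if mode == "strict" and route[1] != in_ifc:
        return "drop"                     # asymmetric path fails the strict check
    return "accept"

# Constructed tables (documentation prefixes only, hypothetical interface names).
# CORE_FIB: a router carrying specific routes and no default.
CORE_FIB = build_fib([("192.0.2.0/24", "cust0"), ("198.51.100.0/24", "peer1")])
# EDGE_FIB: an edge router that default-routes everything else upstream.
EDGE_FIB = build_fib([("192.0.2.0/24", "cust0"), ("0.0.0.0/0", "uplink")])

if __name__ == "__main__":
    cases = [
        ("core, asymmetric source, loose", CORE_FIB, "198.51.100.7", "loose", False),
        ("core, asymmetric source, strict", CORE_FIB, "198.51.100.7", "strict", False),
        ("core, unrouted source, loose", CORE_FIB, "203.0.113.9", "loose", False),
        ("edge, unrouted source, default counts", EDGE_FIB, "203.0.113.9", "loose", True),
        ("edge, unrouted source, default ignored", EDGE_FIB, "203.0.113.9", "loose", False),
    ]
    for label, fib, src, mode, dflt in cases:
        print(f"{label:40s} -> {rpf_check(fib, src, 'cust0', mode, dflt)}")
```
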