Re: How polluted is 1/8?
Hi,

We would also be happy to sink the traffic and provide captures and statistics for general consumption.

Pete

On Feb 4, 2010, at 9:30 PM, Jared Mauch wrote:

On Feb 4, 2010, at 1:27 PM, Kevin Loch wrote:

Mirjam Kuehne wrote:

Hello, After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18 Please also note the call for feedback at the bottom of the article.

The most surprising thing in that report was that someone has an AMS-IX port at just 10 megs. It would be nice to see an actual measurement of the traffic and daily/weekly changes. A breakdown of the flow data by source ASN and source prefix (for the top 50-100 sources) would also be interesting.

There was a call on the apnic list for someone to sink some of the traffic. I'd like to see someone capture the data and post pcaps/netflow analysis, and possibly just run a http server on that /24 so people can test if their network is broken. I've taken a peek at the traffic, and I don't think it's 100's of megs, but without a global view who knows.

- Jared
Re: How polluted is 1/8?
Hi Jared,

Merit would be happy to sink and collect this traffic. Perhaps even the entire /8 depending on the traffic level. Ideally we would want to do the entire /8. We have disk and bandwidth in place for our other research activities and this would fit in nicely. We could probably do a full pcap capture for a week or so and make it publicly available to the broader research community.

-manish

There was a call on the apnic list for someone to sink some of the traffic. I'd like to see someone capture the data and post pcaps/netflow analysis, and possibly just run a http server on that /24 so people can test if their network is broken. I've taken a peek at the traffic, and I don't think it's 100's of megs, but without a global view who knows.

- Jared
Re: How polluted is 1/8?
On Thu, 4 Feb 2010, Nathan Ward wrote:

On 4/02/2010, at 9:19 AM, Justin M. Streiner wrote:

I would hope that the APNIC would opt not to assign networks that would contain 1.1.1.1 or 1.2.3.4 to customers for exactly that reason. The signal-to-noise ratio for those addresses is likely pretty high. The noise is likely contained on many internal networks for now because a corresponding route doesn't show up in the global routing table at the moment. Once that changes

1.1.1/24 and 1.2.3/24 are assigned to APNIC. Unless they release them, the general public will not get addresses in these.

Yes, I did see that. What I noticed yesterday was that there were no prefixes that cover 1.1.1.1 or 1.2.3.4 being announced globally at that point.

jms
Re: How polluted is 1/8?
Mirjam Kuehne wrote: Hello, After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18 Please also note the call for feedback at the bottom of the article. The most surprising thing in that report was that someone has an AMS-IX port at just 10 megs. It would be nice to see an actual measurement of the traffic and daily/weekly changes. A breakdown of the flow data by source ASN and source prefix (for the top 50-100 sources) would also be interesting. - Kevin
Re: How polluted is 1/8?
On Feb 4, 2010, at 1:27 PM, Kevin Loch wrote: Mirjam Kuehne wrote: Hello, After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18 Please also note the call for feedback at the bottom of the article. The most surprising thing in that report was that someone has an AMS-IX port at just 10 megs. It would be nice to see an actual measurement of the traffic and daily/weekly changes. A breakdown of the flow data by source ASN and source prefix (for the top 50-100 sources) would also be interesting. There was a call on the apnic list for someone to sink some of the traffic. I'd like to see someone capture the data and post pcaps/netflow analysis, and possibly just run a http server on that /24 so people can test if their network is broken. I've taken a peek at the traffic, and I don't think it's 100's of megs, but without a global view who knows. - Jared
Re: How polluted is 1/8?
I know someone who'd happily sink both the /24's in question.. if apnic's interested. On Thu, Feb 4, 2010 at 2:30 PM, Jared Mauch ja...@puck.nether.net wrote: On Feb 4, 2010, at 1:27 PM, Kevin Loch wrote: Mirjam Kuehne wrote: Hello, After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18 Please also note the call for feedback at the bottom of the article. The most surprising thing in that report was that someone has an AMS-IX port at just 10 megs. It would be nice to see an actual measurement of the traffic and daily/weekly changes. A breakdown of the flow data by source ASN and source prefix (for the top 50-100 sources) would also be interesting. There was a call on the apnic list for someone to sink some of the traffic. I'd like to see someone capture the data and post pcaps/netflow analysis, and possibly just run a http server on that /24 so people can test if their network is broken. I've taken a peek at the traffic, and I don't think it's 100's of megs, but without a global view who knows. - Jared
Re: How polluted is 1/8?
On Feb 4, 2010, at 3:14 PM, Christopher Morrow wrote: I know someone who'd happily sink both the /24's in question.. if apnic's interested. Given that it is not in the table today, just announcing it would yield both interesting traffic, and interesting data on who is filtering it. -- TTFN, patrick On Thu, Feb 4, 2010 at 2:30 PM, Jared Mauch ja...@puck.nether.net wrote: On Feb 4, 2010, at 1:27 PM, Kevin Loch wrote: Mirjam Kuehne wrote: Hello, After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18 Please also note the call for feedback at the bottom of the article. The most surprising thing in that report was that someone has an AMS-IX port at just 10 megs. It would be nice to see an actual measurement of the traffic and daily/weekly changes. A breakdown of the flow data by source ASN and source prefix (for the top 50-100 sources) would also be interesting. There was a call on the apnic list for someone to sink some of the traffic. I'd like to see someone capture the data and post pcaps/netflow analysis, and possibly just run a http server on that /24 so people can test if their network is broken. I've taken a peek at the traffic, and I don't think it's 100's of megs, but without a global view who knows. - Jared
Re: How polluted is 1/8?
On 2/4/10 2:14 PM, Christopher Morrow wrote:

I know someone who'd happily sink both the /24's in question.. if apnic's interested.

Ditto.

On Thu, Feb 4, 2010 at 2:30 PM, Jared Mauch ja...@puck.nether.net wrote:

On Feb 4, 2010, at 1:27 PM, Kevin Loch wrote:

Mirjam Kuehne wrote:

Hello, After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18 Please also note the call for feedback at the bottom of the article.

The most surprising thing in that report was that someone has an AMS-IX port at just 10 megs. It would be nice to see an actual measurement of the traffic and daily/weekly changes. A breakdown of the flow data by source ASN and source prefix (for the top 50-100 sources) would also be interesting.

There was a call on the apnic list for someone to sink some of the traffic. I'd like to see someone capture the data and post pcaps/netflow analysis, and possibly just run a http server on that /24 so people can test if their network is broken. I've taken a peek at the traffic, and I don't think it's 100's of megs, but without a global view who knows.

- Jared
RE: How polluted is 1/8?
14/8 isn't all they are using internally.. 1,4,5,42 and that's just the stuff that hasn't been delegated out by IANA yet. I am sure this practice is pervasive.. and it's an issue that doesn't typically come up in talks about prepping for IPv4 depletion. Maybe it will now.. FWIW, I don't believe these netblocks are completely unusable. If RIR policies permit you to get address space for private networks, it could be allocated to an organization that understands and accepts the pollution issue because they will never intend to route the space publicly. (Such a thing does exist..) +1 volunteering to sink traffic for 1.1.1.0/24 --heather -Original Message- From: Joel Jaeggli [mailto:joe...@bogus.com] Sent: Wednesday, February 03, 2010 11:09 AM To: Mirjam Kuehne Cc: nanog@nanog.org Subject: Re: How polluted is 1/8? It should be of no surprise to anyone that a number of the remaining prefixes are something of a mess(somebody ask t-mobile how they're using 14/8 internally for example). One's new ipv4 assignments are going to be of significantly lower quality than the one received a decade ago, The property is probably transitive in that the overall quality of the ipv4 unicast space is declining... The way to reduce the entropy in a system is to pump more energy in, there's always the question however of whether that's even worth it or not. joel Mirjam Kuehne wrote: Hello, After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18 Please also note the call for feedback at the bottom of the article. Kind Regards, Mirjam Kuehne RIPE NCC
Re: How polluted is 1/8?
If it's not obvious, I've thought about this and made some offers to the people at APNIC/RIPE. Hoping someone moves forward with this. The note was on the apops list (iirc).

- jared

On Feb 4, 2010, at 3:18 PM, Tico wrote:

On 2/4/10 2:14 PM, Christopher Morrow wrote:

I know someone who'd happily sink both the /24's in question.. if apnic's interested.

Ditto.

On Thu, Feb 4, 2010 at 2:30 PM, Jared Mauch ja...@puck.nether.net wrote:

On Feb 4, 2010, at 1:27 PM, Kevin Loch wrote:

Mirjam Kuehne wrote:

Hello, After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18 Please also note the call for feedback at the bottom of the article.

The most surprising thing in that report was that someone has an AMS-IX port at just 10 megs. It would be nice to see an actual measurement of the traffic and daily/weekly changes. A breakdown of the flow data by source ASN and source prefix (for the top 50-100 sources) would also be interesting.

There was a call on the apnic list for someone to sink some of the traffic. I'd like to see someone capture the data and post pcaps/netflow analysis, and possibly just run a http server on that /24 so people can test if their network is broken. I've taken a peek at the traffic, and I don't think it's 100's of megs, but without a global view who knows.

- Jared
Re: How polluted is 1/8?
Schiller, Heather A (HeatherSkanks) wrote: 14/8 isn't all they are using internally.. 1,4,5,42 and that's just the stuff that hasn't been delegated out by IANA yet. I am sure this practice is pervasive.. and it's an issue that doesn't typically come up in talks about prepping for IPv4 depletion. Maybe it will now.. FWIW, I don't believe these netblocks are completely unusable. Nor do I, people will receive assignments out of them, and route them and cope with the occasional blackhole. Those whose applications or internal numbering schemes use them will bear a not insignificant cost associated with mitigation. If RIR policies permit you to get address space for private networks, it could be allocated to an organization that understands and accepts the pollution issue because they will never intend to route the space publicly. (Such a thing does exist..) +1 volunteering to sink traffic for 1.1.1.0/24 --heather -Original Message- From: Joel Jaeggli [mailto:joe...@bogus.com] Sent: Wednesday, February 03, 2010 11:09 AM To: Mirjam Kuehne Cc: nanog@nanog.org Subject: Re: How polluted is 1/8? It should be of no surprise to anyone that a number of the remaining prefixes are something of a mess(somebody ask t-mobile how they're using 14/8 internally for example). One's new ipv4 assignments are going to be of significantly lower quality than the one received a decade ago, The property is probably transitive in that the overall quality of the ipv4 unicast space is declining... The way to reduce the entropy in a system is to pump more energy in, there's always the question however of whether that's even worth it or not. joel Mirjam Kuehne wrote: Hello, After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18 Please also note the call for feedback at the bottom of the article. Kind Regards, Mirjam Kuehne RIPE NCC
How polluted is 1/8?
Hello, After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18 Please also note the call for feedback at the bottom of the article. Kind Regards, Mirjam Kuehne RIPE NCC
Re: How polluted is 1/8?
On Wed, Feb 03, 2010 at 04:49:00PM +0100, Mirjam Kuehne m...@ripe.net wrote a message of 15 lines which said:

After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18

Not a surprise, unfortunately. See also http://bgpmon.net/blog/?p=275
Re: How polluted is 1/8?
It should be of no surprise to anyone that a number of the remaining prefixes are something of a mess(somebody ask t-mobile how they're using 14/8 internally for example). One's new ipv4 assignments are going to be of significantly lower quality than the one received a decade ago, The property is probably transitive in that the overall quality of the ipv4 unicast space is declining... The way to reduce the entropy in a system is to pump more energy in, there's always the question however of whether that's even worth it or not. joel Mirjam Kuehne wrote: Hello, After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18 Please also note the call for feedback at the bottom of the article. Kind Regards, Mirjam Kuehne RIPE NCC
Re: How polluted is 1/8?
In a message written on Wed, Feb 03, 2010 at 04:49:00PM +0100, Mirjam Kuehne wrote: After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. Having this data is useful, but I can't help to think it would be more useful if it were compared with 27/8, or other networks. Is this slightly worse, or significantly worse than other networks? -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: How polluted is 1/8?
Having this data is useful, but I can't help to think it would be more useful if it were compared with 27/8, or other networks. Is this slightly worse, or significantly worse than other networks?

I have only anecdotal information regarding 45/8. 45/8 is assigned to Interop, and as such it is brought up-and-down as Interop's shows move in and out of convention centers. Starting at least 5 years ago, it has proved impractical to start announcing 45/8, since this causes immediate and massive amounts of traffic to flow into the show network. The last time that I know that the full 45/8 was announced, traffic settled down to about a full T3's worth of bandwidth before the network engineers started announcing smaller /16 chunks as actually needed. Even /16 has proved impractical while the network is being built-out, before the show, because the build-out site typically has T1-ish bandwidth---again, saturated with a /16 being announced.

This information is very different from the RIPE Labs experiment which I think showed that certain obvious addresses (1.1.1.1 seemed to be the kicker in my short reading of their report) were being mis-used heavily. But I suspect that 27/8 would have similar issues to 45/8.

However, it is not clear to me that this is different from any other /8. In other words, for those that have a /8, they probably DO have to put up with a T3-worth of garbage flowing their way before they move the first useful packet. However, you don't get a /8 unless a T3 is small potatoes to you, hence...

jms

-- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 j...@opus1.com http://www.opus1.com/jms
Re: How polluted is 1/8?
On Wed, 3 Feb 2010, Joel M Snyder wrote: This information is very different from the RIPE Labs experiment which I think showed that certain obvious addresses (1.1.1.1 seemed to be the kicker in my short reading of their report) were being mis-used heavily. But I suspect that 27/8 would have similar issues to 45/8. I would hope that the APNIC would opt not to assign networks that would contain 1.1.1.1 or 1.2.3.4 to customers for exactly that reason. The signal-to-noise ratio for those addresses is likely pretty high. The noise is likely contained on many internal networks for now because a corresponding route doesn't show up in the global routing table at the moment. Once that changes I could see holding those prefixes aside for research purposes (spam traps, honey pots, etc...). jms
Re: How polluted is 1/8?
On 2/3/2010 2:19 PM, Justin M. Streiner wrote:

I could see holding those prefixes aside for research purposes (spam traps, honey pots, etc...).

I think it is too bad that we didn't have the forethought to route all of those networks to 100-watt resistors some years ago. When I last was admin of a small-corner of the world I routed a lot of that kind of traffic (I don't remember if 1/? was part of that or not) to the null interface.

-- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: How polluted is 1/8?
On Wed, 3 Feb 2010, Larry Sheldon wrote: On 2/3/2010 2:19 PM, Justin M. Streiner wrote: I could see holding those prefixes aside for research purposes (spam traps, honey pots, etc...). I think it is too bad that we didn't have the forethought to route all of those networks to 100-watt resistors some years ago. When I last was admin of a small-corner of the world I routed a lot of that kind of traffic (I don't remember it 1/? was part of that or not) to the null interface. If some unfortunate soul does get 1.1.1.1, 1.2.3.4, 1.3.3.7, etc, they would also likely experience significant global reachability problems in addition to all of the unintended noise that gets sent their way. There are many sites that specifically filter those addresses, in addition to those that don't update bogon filters, or assume no one will _ever_ get 1.2.3.4! :) jms
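Added example, not part of the thread: one way to audit a bogon filter for the two cases described above, a stale deny that still covers the whole of 1/8 and a site-specific deny for a more-specific such as 1.2.3.0/24. The filter text, its "action prefix" syntax and the implicit-deny default are constructed assumptions; only the 1/8 allocation comes from the thread.

```python
import ipaddress

# Constructed sample filter (not from the thread): "action prefix" per line,
# evaluated top-down, first match wins.
SAMPLE_FILTER = """\
# bogon list last touched before 1/8 was allocated
deny 0.0.0.0/8
deny 1.0.0.0/8
deny 10.0.0.0/8
deny 1.2.3.0/24
deny 127.0.0.0/8
deny 192.168.0.0/16
permit 0.0.0.0/0
"""

# The thread states that 1/8 was allocated to APNIC.
NEWLY_ALLOCATED = ["1.0.0.0/8"]


def parse_filter(text):
    """Return [(line_number, action, network)] and reject malformed lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ("deny", "permit"):
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        # strict=True rejects prefixes with host bits set, e.g. 1.1.1.1/24
        entries.append((lineno, parts[0], ipaddress.ip_network(parts[1], strict=True)))
    return entries


def stale_entries(entries, allocated):
    """Find deny entries that still block space which is now allocated."""
    blocks = [ipaddress.ip_network(a) for a in allocated]
    findings = []
    for lineno, action, net in entries:
        if action != "deny":
            continue
        for block in blocks:
            if net.version != block.version:
                continue
            if block.subnet_of(net):
                # the filter entry swallows the whole allocated block
                findings.append((lineno, net, "covers-block"))
            elif net.subnet_of(block):
                # a hand-added deny for a well-known more-specific
                findings.append((lineno, net, "more-specific"))
    return findings


def first_match(entries, addr):
    """Action applied to addr; no match means deny (assumed implicit deny)."""
    ip = ipaddress.ip_address(addr)
    for _lineno, action, net in entries:
        if ip in net:
            return action
    return "deny"


if __name__ == "__main__":
    rules = parse_filter(SAMPLE_FILTER)
    for lineno, net, kind in stale_entries(rules, NEWLY_ALLOCATED):
        print(f"line {lineno}: deny {net} is stale ({kind})")
    print("1.1.1.1 ->", first_match(rules, "1.1.1.1"))
```

Removing only the /8 entry is not enough here: the more-specific deny for 1.2.3.0/24 would keep dropping that prefix, which is why the audit reports both kinds.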
RE: How polluted is 1/8?
If some unfortunate soul does get 1.1.1.1, 1.2.3.4, 1.3.3.7, etc, they would also likely experience significant global reachability problems in addition to all of the unintended noise that gets sent their way. There are many sites that specifically filter those addresses, in addition to those that don't update bogon filters, or assume no one will _ever_ get 1.2.3.4! :) They would make great DNS server IPs for someone who wanted to host them. :) Deepak
Re: How polluted is 1/8?
On Feb 3, 2010, at 3:10 PM, Joel M Snyder wrote: Having this data is useful, but I can't help to think it would be more useful if it were compared with 27/8, or other networks. Is this slightly worse, or significantly worse than other networks? I have only anecdotal information regarding 45/8. 45/8 is assigned to Interop, and as such it is brought up-and-down as Interop's shows move in and out of convention centers. Starting at least 5 years ago, it has proved impractical to start announcing 45/8, since this causes immediate and massive amounts of traffic to flow into the show network. The last time that I know that the full 45/8 was announced, traffic settled down to about a full T3's worth of bandwidth before the network engineers started announcing smaller /16 chunks as actually needed. Even /16 has proved impractical while the network is being built-out, before the show, because the build-out site typically has T1-ish bandwidth---again, saturated with a /16 being announced. Just because I find it amusing timing... today I sat in a vendor presentation where he connected to his company's demo site and I smiled as I saw IP addresses in 45/8 (as well as 10/8 and others).
Re: How polluted is 1/8?
On 4/02/2010, at 9:19 AM, Justin M. Streiner wrote:

I would hope that the APNIC would opt not to assign networks that would contain 1.1.1.1 or 1.2.3.4 to customers for exactly that reason. The signal-to-noise ratio for those addresses is likely pretty high. The noise is likely contained on many internal networks for now because a corresponding route doesn't show up in the global routing table at the moment. Once that changes

1.1.1/24 and 1.2.3/24 are assigned to APNIC. Unless they release them, the general public will not get addresses in these.

-- Nathan Ward