...@ufp.org]
Sent: Wednesday, January 15, 2014 3:18 PM
To: Dobbins, Roland
Cc: NANOG list
Subject: Re: best practice for advertising peering fabric routes
On Jan 15, 2014, at 12:02 AM, Dobbins, Roland rdobb...@arbor.net wrote:
Again, folks, this isn't theoretical. When the particular attacks
: NANOG list
Subject: Re: best practice for advertising peering fabric routes
On Jan 15, 2014, at 8:49 AM, Dobbins, Roland rdobb...@arbor.net wrote:
Not really. What I'm saying is that since PMTU-D is already broken on so
many endpoint networks - i.e., where traffic originates and where
* Patrick W. Gilmore:
NEVER EVER EVER put an IX prefix into BGP, IGP, or even static
route. An IXP LAN should not be reachable from any device not
directly attached to that LAN. Period.
Doing so endangers your peers and the IX itself. It is on the order of
not implementing BCP38, except no one
Hello Leo,
On Wed, 15 Jan 2014 08:18:13 -0600
Leo Bicknell bickn...@ufp.org wrote:
This whole problem smacks to me of exchange points that are too big to
fail. Since some of these exchanges are so big, everyone else must bend to
their needs. I think the world would be a better place if
On Wednesday, January 15, 2014 09:57:32 AM Michael Hallgren
wrote:
I don't think you need route-reflection in a 5 node iBGP.
I'm for doing it now and not worrying about it later.
Also, don't originate your routes from your peering router
Mark.
On Jan 15, 2014, at 12:02 AM, Dobbins, Roland rdobb...@arbor.net wrote:
Again, folks, this isn't theoretical. When the particular attacks cited in
this thread were taking place, I was astonished that the IXP infrastructure
routes were even being advertised outside of the IXP network,
On Jan 15, 2014, at 9:18 PM, Leo Bicknell bickn...@ufp.org wrote:
However, a good engineer would know there are drawbacks to next-hop-self, in
particular it slows convergence in a number of situations. There are
networks where fast convergence is more important than route scaling, and
On (2014-01-15 08:18 -0600), Leo Bicknell wrote:
I know a lot of people push next-hop-self, and if you're a large ISP with
thousands of BGP customers is pretty much required to scale.
It's actually the polar opposite. If you are small, there are no compelling
reasons to put IXP in IGP.
If you
On Jan 15, 2014, at 8:49 AM, Dobbins, Roland rdobb...@arbor.net wrote:
Not really. What I'm saying is that since PMTU-D is already broken on so
many endpoint networks - i.e., where traffic originates and where it
terminates - that any issues arising from PMTU-D irregularities in IXP
On Jan 15, 2014, at 10:31 PM, Leo Bicknell bickn...@ufp.org wrote:
I am approaching it from a different perspective, 'where is PMTU-D broken for
people who want to use 1500-9K frames end to end?'
I understand that perspective, absolutely.
But what I'm saying is that whether or not
On Tue, Jan 14, 2014 at 10:11 PM, Patrick W. Gilmore patr...@ianai.net wrote:
NEVER EVER EVER put an IX prefix into BGP, IGP, or even
static route. An IXP LAN should not be reachable from any
device not directly attached to that LAN. Period.
Doing so endangers your peers and the IX itself. It is
On Jan 15, 2014, at 9:37 AM, Dobbins, Roland rdobb...@arbor.net wrote:
But what I'm saying is that whether or not they want to use jumbo frames
for Internet traffic, it doesn't matter, because PMTU-D is likely to be
broken either at the place where the traffic is initiated, the place
On Jan 15, 2014, at 10:44 , William Herrin b...@herrin.us wrote:
On Tue, Jan 14, 2014 at 10:11 PM, Patrick W. Gilmore patr...@ianai.net
wrote:
NEVER EVER EVER put an IX prefix into BGP, IGP, or even
static route. An IXP LAN should not be reachable from any
device not directly attached to
On Jan 15, 2014, at 10:52 PM, Leo Bicknell bickn...@ufp.org wrote:
(Business class) ISP's don't break PMTU-D, end users break it with the
equipment they connect.
Concur 100%. That's my point.
So a smart user connecting equipment that is properly configured should be
able to expect it
practice for advertising peering fabric routes
On Jan 15, 2014, at 10:44 , William Herrin b...@herrin.us wrote:
On Tue, Jan 14, 2014 at 10:11 PM, Patrick W. Gilmore patr...@ianai.net
wrote:
NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route.
An IXP LAN should not be reachable
On Wed, Jan 15, 2014 at 10:57 AM, Patrick W. Gilmore patr...@ianai.net wrote:
On Jan 15, 2014, at 10:44 , William Herrin b...@herrin.us wrote:
I have to disagree with you. If it appears in a traceroute to
somewhere else, I'd like to be able to ping and traceroute directly to
it. When I can't,
On 1/14/14, 8:41 PM, Patrick W. Gilmore wrote:
I repeat: NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route.
An IXP LAN should not be reachable from any device except those directly
attached to that LAN. Period.
So ... RFC1918 addresses for the IXP fabric, then?
(Half
On 2014-01-15, at 12:04, Jim Shankland na...@shankland.org wrote:
On 1/14/14, 8:41 PM, Patrick W. Gilmore wrote:
I repeat: NEVER EVER EVER put an IX prefix into BGP, IGP, or even static
route. An IXP LAN should not be reachable from any device except those
directly attached to that LAN.
* na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]:
So ... RFC1918 addresses for the IXP fabric, then?
(Half kidding, but still )
They need to be globally unique.
-- Niels.
--
It's amazing what people will do to get their name on the internet,
which is odd,
* patr...@ianai.net (Patrick W. Gilmore) [Wed 15 Jan 2014, 04:36 CET]:
[..]
NEVER EVER EVER put an IX prefix into BGP, IGP, or even static
route. An IXP LAN should not be reachable from any device not
directly attached to that LAN. Period.
This is correct, and protects both your (ISP)
On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker niels=na...@bakker.net wrote:
* na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]:
So ... RFC1918 addresses for the IXP fabric, then?
(Half kidding, but still )
They need to be globally unique.
do they? :)
also... there
On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker niels=na...@bakker.net wrote:
* na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]:
So ... RFC1918 addresses for the IXP fabric, then?
(Half kidding, but still )
They need to be globally unique.
Hi Niels,
Actually, they
On Wed, Jan 15, 2014 at 1:26 PM, William Herrin b...@herrin.us wrote:
On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker niels=na...@bakker.net wrote:
* na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]:
So ... RFC1918 addresses for the IXP fabric, then?
(Half kidding, but still
On Jan 15, 2014, at 10:26 AM, William Herrin b...@herrin.us wrote:
Of course working, monitorable and testable are three different
things. If my NMS can't reach the IXP's addresses, my view of the IXP
is impaired. And "the Internet is broken" is not a trouble report that
leads to a successful
* c...@bloomcounty.org (Clay Fiske) [Wed 15 Jan 2014, 20:34 CET]:
Semi-related tangent: Working in an IXP setting I have seen weird
corner cases cause issues in conjunction with the IXP subnet
existing in BGP. Say someone’s got proxy ARP enabled on their router
(sadly, more common than it
* b...@herrin.us (William Herrin) [Wed 15 Jan 2014, 19:27 CET]:
On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker niels=na...@bakker.net wrote:
* na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]:
So ... RFC1918 addresses for the IXP fabric, then?
(Half kidding, but still )
On Jan 15, 2014, at 12:46 PM, Niels Bakker niels=na...@bakker.net wrote:
* c...@bloomcounty.org (Clay Fiske) [Wed 15 Jan 2014, 20:34 CET]:
Semi-related tangent: Working in an IXP setting I have seen weird corner
cases cause issues in conjunction with the IXP subnet existing in BGP. Say
On 1/15/2014 6:31 PM, Clay Fiske wrote:
Yes, yes, I expected a smug reply like this. I just didn’t expect it to take so
long.
But how can I detect proxy ARP when detecting proxy ARP was patented in 1996?
http://www.google.com/patents/US5708654
Seriously though, it’s not so simple. You only
On Wed, Jan 15, 2014 at 10:49 PM, ML m...@kenweb.org wrote:
Shouldn't ARP inspection be a common feature?
Dynamic ARP inspection is mostly useful only when the trusted ports
receive their MAC to IP address
mapping from a trusted DHCP server, and the trusted mapping is established
using DHCP
I have a connection to a peering fabric and I'm not distributing the peering
fabric routes into my network.
I see three options
1. redistribute into my igp (OSPF)
2. configure ibgp and route them within that infrastructure. All the default
routes go out through the POPs so iBGP would see
On Jan 14, 2014 6:01 PM, Eric A Louie elo...@yahoo.com wrote:
I have a connection to a peering fabric and I'm not distributing the
peering fabric routes into my network.
I see three options
1. redistribute into my igp (OSPF)
2. configure ibgp and route them within that infrastructure. All
On Tue, Jan 14, 2014 at 9:09 PM, Cb B cb.li...@gmail.com wrote:
On Jan 14, 2014 6:01 PM, Eric A Louie elo...@yahoo.com wrote:
I have a connection to a peering fabric and I'm not distributing the
peering fabric routes into my network.
good plan.
I see three options
1. redistribute into my
Pardon the top post, but I really don't have anything to comment below other
than to agree with Chris and say rfc5963 is broken.
NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP
LAN should not be reachable from any device not directly attached to that LAN.
Period.
On Jan 14, 2014 7:13 PM, Patrick W. Gilmore patr...@ianai.net wrote:
Pardon the top post, but I really don't have anything to comment below
other than to agree with Chris and say rfc5963 is broken.
NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An
IXP LAN should not be
On Jan 14, 2014, at 7:55 PM, Eric A Louie elo...@yahoo.com wrote:
I have a connection to a peering fabric and I'm not distributing the peering
fabric routes into my network.
There's a two part problem lurking.
Problem #1 is how you handle your internal routing. Most of the big boys
will
On Jan 14, 2014, at 22:20 , Leo Bicknell bickn...@ufp.org wrote:
On Jan 14, 2014, at 7:55 PM, Eric A Louie elo...@yahoo.com wrote:
I have a connection to a peering fabric and I'm not distributing the peering
fabric routes into my network.
There's a two part problem lurking.
Problem #1
On Jan 14, 2014, at 9:35 PM, Patrick W. Gilmore patr...@ianai.net wrote:
So Just Don't Do It. Setting next-hop-self is not just for big guys, the
crappiest, tiniest router that can do peering at an IXP has the same ability.
Use it. Stop putting me and every one of your peers in danger
On Jan 14, 2014, at 23:03 , Leo Bicknell bickn...@ufp.org wrote:
On Jan 14, 2014, at 9:35 PM, Patrick W. Gilmore patr...@ianai.net wrote:
So Just Don't Do It. Setting next-hop-self is not just for big guys, the
crappiest, tiniest router that can do peering at an IXP has the same
ability.
On Jan 15, 2014, at 11:41 AM, Patrick W. Gilmore patr...@ianai.net wrote:
I repeat: NEVER EVER EVER put an IX prefix into BGP, IGP, or even static
route. An IXP LAN should not be reachable from any device except those
directly attached to that LAN. Period.
+1
Again, folks, this isn't
for advertising peering fabric routes
Pardon the top post, but I really don't have anything to comment below other
than to agree with Chris and say rfc5963 is broken.
NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP
LAN should not be reachable from any device
coming from the
other fabric members.
From: Eric A Louie elo...@yahoo.com
To: Patrick W. Gilmore patr...@ianai.net; NANOG list nanog@nanog.org
Sent: Tuesday, January 14, 2014 10:22 PM
Subject: Re: best practice for advertising peering fabric routes
Thank you
.
From: Patrick W. Gilmore patr...@ianai.net
To: NANOG list nanog@nanog.org
Sent: Tuesday, January 14, 2014 7:11 PM
Subject: Re: best practice for advertising peering fabric routes
Pardon the top post, but I really don't have anything to comment below other
than to agree with Chris and say
/technologies_tech_note09186a00800c95bb.shtml
From: Eric A Louie elo...@yahoo.com
To: Patrick W. Gilmore patr...@ianai.net; NANOG list nanog@nanog.org
Sent: Tuesday, January 14, 2014 10:22 PM
Subject: Re: best practice for advertising peering fabric routes
Thank you - I will heed the warning
; NANOG list nanog@nanog.org
Sent: Tuesday, January 14, 2014 10:37 PM
Subject: Re: best practice for advertising peering fabric routes
On Wed, Jan 15, 2014 at 1:22 AM, Eric A Louie elo...@yahoo.com wrote:
Thank you - I will heed the warning. I want to be a good community member
and make sure
list nanog@nanog.org
Sent: Tuesday, January 14, 2014 10:37 PM
Subject: Re: best practice for advertising peering fabric routes
On Wed, Jan 15, 2014 at 1:22 AM, Eric A Louie elo...@yahoo.com wrote:
Thank you - I will heed the warning. I want to be a good community member
and make sure we're
45 matches