Re: Has PSI been assigned network 1?

["Karl Denninger, MCSNet" <karl () mcs com>]

> Karl, you obviously do not understand what global networking
> and policy routing mean.

Nonsense.  You obviously do not understand what providing robust
connectivity means.

> Right today we nearly killed all Internet by _not_ doing
> paranoid filtering on ANS route announcements (well we
> couldn't do it because of certain contractual obligations).
>
> ANS had trouble with generating configuration for ENSS 147,
> so they simply dropped all routes at our MAE-East+ box
> without filtering they usually do,  which would be fine if we
> didn't do some upgrades at ICM, which involved changing
> preferences in ICM-SL routing, to the effect that SL started
> preferring AS 690 as path to many European networks. It resulted
> in SprintLink -> Europe traffic being moved from SL->ICM FDDI
> connection to SL->ENSS(147)->ANS core->Dante path; which at
> the daytime grew and turned out be enough to overload ENSSes
> along the path.

Sorry, no.  You broke this by doing your own "upgrades" as well.  Fact is,
if someone starts flapping badly at you, and they announce many paths 
(ie: a significant CPU load is presented by this) you're screwed no matter
HOW MUCH you filter.  The equipment available today is designed foolishly --
route update processing and actual packet processing should NEVER be done by
the same CPU -- but it is -- and as such you're dead when this happens.

That cannot be avoided by being a fascist.  However, what you can do is make
sure that backup paths don't work at all when things break, and in some
cases you can make sure that you can't reach certain prefixes at all, when
there is a perfectly valid path being announced to you.  In some of these
cases of "backhoe fade" and even software failure connectivity has been 
impacted when it SHOULD NOT HAVE BEEN by this policy of yours.

Filtering only serves to violate the premise of BGP4 and routing in general - 
that the metrics and route weights will guide a packet to the most expeditious
path.  When you remove some of those choices, you second-guess the physical 
realities of the time.

What you're doing here is *removing* choices.  This is bad.  Making certain
choices <less desirable> is good, and is how you should get packet loads
and traffic shares to go where you want.  But removing some paths from
consideration entirely by pretending they don't exist when in fact they do
serves to violate the integrity of the net as a whole.

> Sorry, Karl.  Internet is lucky that people who run most big networks
> know better than to wait for shit to happen.  In the system as large
> as Internet shit happens permanently.  Somewhere, in the most
> unxpected places.

Yep.  So?  You wish to argue with the fact that people do silly, stupid,
inept and sometimes even malicious things?  No argument.

Your solution is to lock everyone up BEFORE they do something bad?  This 
has to tie in with a political philosophy somewhere....

> If you persist in your dislike of filtering i guess i'll purely
> accidentally misconfigure a static route, so it will be the the same
> as your backbone address.  RS won't save you.
>
> This is a joke, of course.
>
> --vadim

--
--
Karl Denninger (karl () MCS Net)| MCSNet - The Finest Internet Connectivity
Modem: [+1 312 248-0900]     | (shell, PPP, SLIP, leased) in Chicagoland
Voice: [+1 312 248-8649]     | 7 POPs online through Chicago, all 28.8
Fax: [+1 312 248-9865]       | Email to "info () mcs net" for more information
ISDN: Surf at Smokin' Speed  | WWW: http://www.mcs.net, gopher: gopher.mcs.net