nanog mailing list archives

Re: Is multihoming hard? [was: DNS amplification]


From: Joe Abley <jabley () hopcount ca>
Date: Wed, 20 Mar 2013 11:39:38 -0400


On 2013-03-20, at 10:55, Seth Mattinen <sethm () rollernet us> wrote:

On 3/20/13 6:25 AM, Owen DeLong wrote:
I don't know a single ISP that wants to throttle growth by not accepting additional customers, BGP speaking or not. 
(I do know several that want to throttle growth through not upgrading their links because they have a captive 
audience they are trying to ransom. But that is neither relevant to this discussion, nor controversial - unless you 
are paid by one of those ISPs….)

Comcast
Verizon
AT&T
Time Warner Cable
Cox
CenturyLink

to name a few.

Not one of them will run BGP with a residential subscriber.

Based on the average clue of your average residential subscriber (anyone
here need not apply) I'd say that's a good thing.

In practice, it seems to me that the way people multi-home these days for client-filled networks is:

1. Number everything internally using private-use addresses
2. Use one NAT per upstream
3. Send your outbound flows through whichever NAT seems appropriate

There seems to be no shortage of SMB appliances that will take care of this for you without you having to understand 
anything. The phrase that seems to be used when describing these routers is "dual WAN".

  https://www.mushroomnetworks.com
  http://www.peplink.com/balance/
  http://www.tp-link.com/
  http://www.draytek.com/

It's trivial to configure this kind of thing on more general-purpose gear too, obviously, but that requires Actual 
Knowledge of How Things Work whereas these products aim to get things running without any of that.

This style of multi-homing is invisible from the perspective of the routing system. Obviously this doesn't work nicely 
for inbound connections, but the fact that people do it anyway suggests that isn't a deal-killer (presumably every 
server that needs to accept an inbound connection these days lives elsewhere, in someone's cloud).

I'm not suggesting this is good architecture, but it happens. Even if BGP on res-grade internet access products was 
trivially available, I can see this kind of NAT hack being more popular.

I think it's incorrect to insist that the Network doesn't support pervasive end-site multi-homing when it's clear that 
people are doing it anyway.


Joe
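The three steps Joe describes, as an added example of how they map onto a plain Linux box (this is not from the thread or from any of the products listed): interface names, gateways and the LAN prefix are constructed placeholders, and the per-flow connection mark is what keeps a connection from wandering between the two NATs.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal Linux "dual WAN" box built the
# way the three steps above describe. All names and addresses are constructed.
LAN_NET="192.168.10.0/24"               # step 1: private-use space inside
WAN1_IF="eth1"; WAN1_GW="203.0.113.1"   # constructed (TEST-NET-3)
WAN2_IF="eth2"; WAN2_GW="198.51.100.1"  # constructed (TEST-NET-2)

# Emit the commands instead of running them, so the plan can be reviewed (and
# tested) on a machine without these interfaces. Pipe to 'sh' as root to apply.
dual_wan_commands() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# Loose reverse-path filtering: a reply may legitimately arrive on either WAN
sysctl -w net.ipv4.conf.all.rp_filter=2
# One routing table per upstream, chosen by firewall mark
ip route add default via $WAN1_GW dev $WAN1_IF table 101
ip route add default via $WAN2_GW dev $WAN2_IF table 102
ip rule add fwmark 0x1 table 101
ip rule add fwmark 0x2 table 102
# Step 3: choose an upstream once per connection and remember it in the
# connection mark, so every packet of a flow leaves through the same NAT
iptables -t mangle -A PREROUTING -s $LAN_NET -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -s $LAN_NET -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -s $LAN_NET -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -s $LAN_NET -m mark --mark 0 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -s $LAN_NET -j CONNMARK --save-mark
# Step 2: one NAT per upstream
iptables -t nat -A POSTROUTING -o $WAN1_IF -j MASQUERADE
iptables -t nat -A POSTROUTING -o $WAN2_IF -j MASQUERADE
# Nothing is advertised inbound, so unsolicited inbound flows are dropped
iptables -A FORWARD -i $WAN1_IF -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -i $WAN2_IF -m conntrack --ctstate NEW -j DROP
EOF
}

# Print the plan by default; APPLY=yes executes it (root required).
if [ "${APPLY:-no}" = "yes" ]; then dual_wan_commands | sh; else dual_wan_commands; fi
```

Nothing here touches the routing system: both upstreams see an ordinary single-address customer, which is exactly why inbound connections have nowhere to land.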