Re: We hit half-million: The Cidr Report

[ML <ml () kenweb org>]

At one time Covad stated they announce everything as /24 to make 
hijacking more difficult.  Looks like Covad (now MEGAPATH) hasn't 
changed that policy.




On 4/29/2014 12:29 PM, Kate Gerry wrote:
> Already working on aggregating as much as I can. I was checking  my tables the other day and I think I saw another 
> provider advertising their /18 as /24s, it made me sick.
>
> --
> Kate Gerry
> Network Manager
> kate () quadranet com
>
> 1-888-5-QUADRA Ext 206 | www.QuadraNet.com
> Dedicated Servers, Colocation, Cloud Services and more.
> Datacenters in Los Angeles, Dallas and Miami.
>
> Follow us on:
>
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Patrick W. Gilmore
> Sent: Tuesday, April 29, 2014 9:23 AM
> To: NANOG list
> Subject: Re: We hit half-million: The Cidr Report
>
> > The remainder of the prefixes (45%) shares the same origin AS and the same path.
> > The could be TE prefixes, but as they are identical to their covering
> > aggregate its hard to appreciate exactly what the engineering intent
> > may be. I could make a wild guess and call these 45% of more specifics
> > to be an act of senseless routing vandalism. ( :-) ) This number has been steady as a % for the past three years.
> This could easily be TE, and a type of TE which would be trivially fixed.
>
> Let's take a simple example of a network with a /22 and 4 POPs. They have the same transit provider(s) at all 4 POPs 
> and a small backbone to connect them. Each POP gets a /24.
>
> A not-ridiculous way to force their transit provider to carry bits instead of clogging their backbone while still ensuring 
> redundancy would be to announce the /22 at all four POPs and the individual /24 at each individual POP. This creates four /24s 
> and a covering /22 with exactly the same path, but still has "use" as TE.
>
> Of course, it would be trivial for the network to clean up their act by attacking no-export to the /24s. But some people either do not 
> know it exists, know how it works, or know BGP well enough to understand it would not harm them. Or maybe they are just lazy: 
> "What's 3 extra prefixes in half a million?"
>
> The answer to the last question is, frankly, nothing. But 3 prefixes for 30K ASNs is an ass-ton. (That's a technical term meaning 
> "lots & lots".)
>
>
> This is a good time for a marketing effort. Let's see if we can get the table back under 500K. Everyone check your 
> announcements. Are you announcing more specifics and a covering aggregate with the same path? Can you delete the more 
> specific? Can you add no-export or another community to keep the more specifics from the global table?
>
> If you are unsure, ask. I think it would be rather awesome if we saw a quick reversal in table growth and went back under 500K, even if it 
> was short lived. ESPECIALLY if we can do it before we hit 512K prefixes. Would prove the community still cares about, well, the community, 
> not just their own network. Because on the Internet, "your network" is part of the "community", and things that harm 
> the latter do harm the former, even if it is difficult for you to see sometimes.
>
> Who will be the first to pull back a few prefixes?
>
> --
> TTFN,
> patrick
>
> On Apr 29, 2014, at 03:31 , Geoff Huston <gih () apnic net> wrote:
>
> > On 29 Apr 2014, at 12:39 pm, Valdis.Kletnieks () vt edu wrote:
> >
> > > On Mon, 28 Apr 2014 21:59:43 -0400, "Patrick W. Gilmore" said:
> > > > > On Apr 28, 2014, at 19:41, Chris Boyd <cboyd () gizmopartners com> wrote:
> > > > > I'm in the middle of a physical move.  I promise I'll take the 3
> > > > > deagg'd /24s out as soon as I can.
> > > > Do not laugh. If everyone who had 3 de-agg'ed prefixes fixed it, the
> > > > table would drop precipitously. We all have to do our part.
> > > Do we have a handle on what percent of the de-aggrs are legitimate
> > > attempts at TE, and what percent are just whoopsies that should be re-aggregated?
> > I made a shot at such a number in a presentation to NANOG in Feb this
> > year
> > (http://www.potaroo.net/presentations/2014-02-09-bgp2013.pdf)
> >
> >
> > If you assume that Traffic Engineering more specifics share a common
> > origin AS with the covering aggregate, then around 26% of more
> > specifics are TE advertisements. This number (as a percentage) has
> > gwon by 5% over the past three years
> >
> >
> > If you assume that Hole Punching more specifics are more specifics
> > that use a different origin AS, then these account for 30% of the more specifics in today's routing table.
> > This number has fallen by 5% over the past three years.
> >
> > The remainder of the prefixes (45%) shares the same origin AS and the same path.
> > The could be TE prefixes, but as they are identical to their covering
> > aggregate its hard to appreciate exactly what the engineering intent
> > may be. I could make a wild guess and call these 45% of more specifics
> > to be an act of senseless routing vandalism. ( :-) ) This number has been steady as a % for the past three years.
> >
> > Interestingly, it's the hole punching more specifics that are less
> > stable, and the senseless routing vandalism more specifics that are more stable than the average.
> >
> > thanks,
> >    Geoff