Re: We hit half-million: The Cidr Report

["Patrick W. Gilmore" <patrick () ianai net>]

On Apr 30, 2014, at 09:15 , Jérôme Nicolle <jerome () ceriz fr> wrote:
> Le 29/04/2014 04:39, Valdis.Kletnieks () vt edu a écrit :

> > Do we have a handle on what percent of the de-aggrs are legitimate
> > attempts at TE, and what percent are just whoopsies that should be
> > re-aggregated?
>
> Deaggs can "legitimatelly" occur for a different purpose : hijack
> prevention (Pilosov & Kapela style).
>
> It's fairly easy to punch a hole in a larger prefix, but winning the
> reachability race while unable to propagate a more specific prefix
> significantly increase hijacking costs.

Excellent point, Jérôme.

Let's make sure nothing is hijack-able. Quick, let's de-agg -everything- to /24s. Everyone's routers can sustain > 10 
million prefixes per full table, right? Jérôme, how many prefixes can your routers handle?

Or we could stop thinking that abusing a shared resource for personal gain is a great idea.


> For a less densely connected network (no presence on public IXPs, poor
> transits...), renumbering critical services (DNS, MX, extranets) to
> one of their /24s and de-aggregating it could be a smart move.

See my previous post. Of course deaggregation can have a use, but for a network is no peering an one or a few transits, 
those more specifices never have to hit the global table. Sending that /24 to your transit provider(s) with no-export 
will have the _exact_same_effect_, and not pollute anyone's routers whom you are not paying.

The idea "I have a 'reason' for hurting everyone else, so it is OK" has got to stop. Just because you have a reason 
does not make it OK. And even when it is a good idea, most people implement it so poorly as to cause unneeded harm.

-- 
TTFN,
patrick

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail