y, January 15, 2014 4:31 PM
To: Dobbins, Roland
Cc: NANOG list
Subject: Re: best practice for advertising peering fabric routes
On Jan 15, 2014, at 8:49 AM, "Dobbins, Roland" wrote:
> Not really. What I'm saying is that since PMTU-D is already broken on so
> many endpoint network
-Original Message-
From: Leo Bicknell [mailto:bickn...@ufp.org]
Sent: Wednesday, January 15, 2014 3:18 PM
To: Dobbins, Roland
Cc: NANOG list
Subject: Re: best practice for advertising peering fabric routes
On Jan 15, 2014, at 12:02 AM, "Dobbins, Roland" wrote:
> Again, folks, thi
Hello Leo,
On Wed, 15 Jan 2014 08:18:13 -0600
Leo Bicknell wrote:
> This whole problem smacks to me of exchange points that are "too big to
> fail". Since some of these exchanges are so big, everyone else must bend to
> their needs. I think the world would be a better place if some of these
* Patrick W. Gilmore:
> NEVER EVER EVER put an IX prefix into BGP, IGP, or even static
> route. An IXP LAN should not be reachable from any device not
> directly attached to that LAN. Period.
>
> Doing so endangers your peers & the IX itself. It is on the order of
> not implementing BCP38, except
On Wed, Jan 15, 2014 at 10:49 PM, ML wrote:
>
> Shouldn't ARP inspection be a common feature?
>
Dynamic ARP inspection is mostly useful only when the trusted ports
receive their MAC to IP address
mapping from a trusted DHCP server, and the trusted mapping is established
using DHCP snooping.
Or
On 1/15/2014 6:31 PM, Clay Fiske wrote:
Yes, yes, I expected a smug reply like this. I just didn’t expect it to take so
long.
But how can I detect proxy ARP when detecting proxy ARP was patented in 1996?
http://www.google.com/patents/US5708654
Seriously though, it’s not so simple. You only
On Jan 15, 2014, at 12:46 PM, Niels Bakker wrote:
> * c...@bloomcounty.org (Clay Fiske) [Wed 15 Jan 2014, 20:34 CET]:
>> Semi-related tangent: Working in an IXP setting I have seen weird corner
>> cases cause issues in conjunction with the IXP subnet existing in BGP. Say
>> someone’s got proxy
* b...@herrin.us (William Herrin) [Wed 15 Jan 2014, 19:27 CET]:
On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker wrote:
* na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]:
So ... RFC1918 addresses for the IXP fabric, then?
(Half kidding, but still )
They need to be globall
* c...@bloomcounty.org (Clay Fiske) [Wed 15 Jan 2014, 20:34 CET]:
Semi-related tangent: Working in an IXP setting I have seen weird
corner cases cause issues in conjunction with the IXP subnet
existing in BGP. Say someone’s got proxy ARP enabled on their router
(sadly, more common than it shoul
On Jan 15, 2014, at 10:26 AM, William Herrin wrote:
>
> Of course working, monitorable and testable are three different
> things. If my NMS can't reach the IXP's addresses, my view of the IXP
> is impaired. And "the Internet is broken" is not a trouble report that
> leads to a successful outcome
On Wed, Jan 15, 2014 at 1:26 PM, William Herrin wrote:
> On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker wrote:
>> * na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]:
>>
>>> So ... RFC1918 addresses for the IXP fabric, then?
>>>
>>> (Half kidding, but still )
>>
>> They need to
On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker wrote:
> * na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]:
>
>> So ... RFC1918 addresses for the IXP fabric, then?
>>
>> (Half kidding, but still )
>
> They need to be globally unique.
Hi Niels,
Actually, they don't. To meet th
On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker wrote:
> * na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]:
>
>> So ... RFC1918 addresses for the IXP fabric, then?
>>
>> (Half kidding, but still )
>
>
> They need to be globally unique.
do they? :)
also... there is/was an exch
* patr...@ianai.net (Patrick W. Gilmore) [Wed 15 Jan 2014, 04:36 CET]:
[..]
NEVER EVER EVER put an IX prefix into BGP, IGP, or even static
route. An IXP LAN should not be reachable from any device not
directly attached to that LAN. Period.
This is correct, and protects both your (ISP) infrastr
* na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]:
So ... RFC1918 addresses for the IXP fabric, then?
(Half kidding, but still )
They need to be globally unique.
-- Niels.
--
"It's amazing what people will do to get their name on the internet,
which is odd, be
On 2014-01-15, at 12:04, Jim Shankland wrote:
> On 1/14/14, 8:41 PM, Patrick W. Gilmore wrote:
>> I repeat: NEVER EVER EVER put an IX prefix into BGP, IGP, or even static
>> route. An IXP LAN should not be reachable from any device except those
>> directly attached to that LAN. Period.
>
> So
On 1/14/14, 8:41 PM, Patrick W. Gilmore wrote:
I repeat: NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route.
An IXP LAN should not be reachable from any device except those directly
attached to that LAN. Period.
So ... RFC1918 addresses for the IXP fabric, then?
(Half kidd
On Wed, Jan 15, 2014 at 10:57 AM, Patrick W. Gilmore wrote:
> On Jan 15, 2014, at 10:44 , William Herrin wrote:
>> I have to disagree with you. If it appears in a traceroute to
>> somewhere else, I'd like to be able to ping and traceroute directly to
>> it. When I can't, that impairs my ability t
best practice for advertising peering fabric routes
On Jan 15, 2014, at 10:44 , William Herrin wrote:
> On Tue, Jan 14, 2014 at 10:11 PM, Patrick W. Gilmore
> wrote:
>> NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route.
>> An IXP LAN should not be reachable from
On Jan 15, 2014, at 10:52 PM, Leo Bicknell wrote:
> (Business class) ISP's don't break PMTU-D, end users break it with the
> equipment they connect.
Concur 100%. That's my point.
> So a smart user connecting equipment that is properly configured should be
> able to expect it to work proper
On Jan 15, 2014, at 10:44 , William Herrin wrote:
> On Tue, Jan 14, 2014 at 10:11 PM, Patrick W. Gilmore
> wrote:
>> NEVER EVER EVER put an IX prefix into BGP, IGP, or even
>> static route. An IXP LAN should not be reachable from any
>> device not directly attached to that LAN. Period.
>>
>> D
On Jan 15, 2014, at 9:37 AM, "Dobbins, Roland" wrote:
> But what I'm saying is that whether or not they want to use jumbo frames
> for Internet traffic, it doesn't matter, because PMTU-D is likely to be
> broken either at the place where the traffic is initiated, the place where
> the tr
On Tue, Jan 14, 2014 at 10:11 PM, Patrick W. Gilmore wrote:
> NEVER EVER EVER put an IX prefix into BGP, IGP, or even
> static route. An IXP LAN should not be reachable from any
> device not directly attached to that LAN. Period.
>
> Doing so endangers your peers & the IX itself. It is on the orde
On Jan 15, 2014, at 10:31 PM, Leo Bicknell wrote:
> I am approaching it from a different perspective, 'where is PMTU-D broken for
> people who want to use 1500-9K frames end to end?'
I understand that perspective, absolutely.
But what I'm saying is that whether or not they want to use j
On Jan 15, 2014, at 8:49 AM, "Dobbins, Roland" wrote:
> Not really. What I'm saying is that since PMTU-D is already broken on so
> many endpoint networks - i.e., where traffic originates and where it
> terminates - that any issues arising from PMTU-D irregularities in IXP
> networks are triv
On (2014-01-15 08:18 -0600), Leo Bicknell wrote:
> I know a lot of people push next-hop-self, and if you're a large ISP with
> thousands of BGP customers is pretty much required to scale.
It's actually the polar opposite. If you are small, there are no compelling
reasons to put IXP in IGP.
If yo
On Jan 15, 2014, at 9:18 PM, Leo Bicknell wrote:
> However, a good engineer would know there are drawbacks to next-hop-self, in
> particular it slows convergence in a number of situations. There are
> networks where fast convergence is more important than route scaling, and
> thus the tradit
On Jan 15, 2014, at 12:02 AM, "Dobbins, Roland" wrote:
> Again, folks, this isn't theoretical. When the particular attacks cited in
> this thread were taking place, I was astonished that the IXP infrastructure
> routes were even being advertised outside of the IXP network, because of
> these
On Wednesday, January 15, 2014 09:57:32 AM Michael Hallgren
wrote:
> I don't think you need route-reflection in a 5 node iBGP.
I'm for doing it now and not worrying about it later.
Also, don't originate your routes from your peering router
Mark.
c A Louie
>> Cc: Patrick W. Gilmore ; NANOG list
>> Sent: Tuesday, January 14, 2014 10:37 PM
>> Subject: Re: best practice for advertising peering fabric routes
>>
>>
>> On Wed, Jan 15, 2014 at 1:22 AM, Eric A Louie wrote:
>>> Thank you - I will heed t
y, January 14, 2014 10:37 PM
>Subject: Re: best practice for advertising peering fabric routes
>
>
>On Wed, Jan 15, 2014 at 1:22 AM, Eric A Louie wrote:
>> Thank you - I will heed the warning. I want to be a good community member
>> and make sure we're maintaining
n/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml
>
>
>
>
>>
>> From: Eric A Louie
>>To: Patrick W. Gilmore ; NANOG list
>>Sent: Tuesday, January 14, 2014 10:22 PM
>>Subject: Re: best practice for advertising peering fabric routes
>>
>>
All routers behind 'your-router' in 'your-network' see
'ixp-participants' with a next-hop of 'your-router' who still knows
'send to ixp!' for the route(s) in question.
>
>
>
>>
>> From: Patrick W. Gilmore
>>To: NANOG
c prefixes coming from the
other fabric members.
>
> From: Eric A Louie
>To: Patrick W. Gilmore ; NANOG list
>Sent: Tuesday, January 14, 2014 10:22 PM
>Subject: Re: best practice for advertising peering fabric routes
>
>
>Thank you - I wi
for that capability) Do I have to provide them some sort of VPN to make that
happen across my network to the peering fabric router?
>
> From: Patrick W. Gilmore
>To: NANOG list
>Sent: Tuesday, January 14, 2014 7:11 PM
>Subject: Re: best practic
On Jan 15, 2014, at 11:41 AM, Patrick W. Gilmore wrote:
> I repeat: NEVER EVER EVER put an IX prefix into BGP, IGP, or even static
> route. An IXP LAN should not be reachable from any device except those
> directly attached to that LAN. Period.
+1
Again, folks, this isn't theoretical. When
On Jan 14, 2014, at 23:03 , Leo Bicknell wrote:
> On Jan 14, 2014, at 9:35 PM, Patrick W. Gilmore wrote:
>
>> So Just Don't Do It. Setting next-hop-self is not just for "big guys", the
>> crappiest, tiniest router that can do peering at an IXP has the same
>> ability. Use it. Stop putting me a
On Jan 14, 2014, at 9:35 PM, Patrick W. Gilmore wrote:
> So Just Don't Do It. Setting next-hop-self is not just for "big guys", the
> crappiest, tiniest router that can do peering at an IXP has the same ability.
> Use it. Stop putting me and every one of your peers in danger because you are
>
On Jan 14, 2014, at 22:20 , Leo Bicknell wrote:
> On Jan 14, 2014, at 7:55 PM, Eric A Louie wrote:
>
>> I have a connection to a peering fabric and I'm not distributing the peering
>> fabric routes into my network.
>
> There's a two part problem lurking.
>
> Problem #1 is how you handle your
On Jan 14, 2014, at 7:55 PM, Eric A Louie wrote:
> I have a connection to a peering fabric and I'm not distributing the peering
> fabric routes into my network.
There's a two part problem lurking.
Problem #1 is how you handle your internal routing. Most of the "big boys"
will next-hop-self
On Jan 14, 2014 7:13 PM, "Patrick W. Gilmore" wrote:
>
> Pardon the top post, but I really don't have anything to comment below
> other than to agree with Chris and say rfc5963 is broken.
>
> NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An
> IXP LAN should not be reachable fro
Pardon the top post, but I really don't have anything to comment below other
than to agree with Chris and say rfc5963 is broken.
NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP
LAN should not be reachable from any device not directly attached to that LAN.
Period.
D
On Tue, Jan 14, 2014 at 9:09 PM, Cb B wrote:
> On Jan 14, 2014 6:01 PM, "Eric A Louie" wrote:
>>
>> I have a connection to a peering fabric and I'm not distributing the
>> peering fabric routes into my network.
>>
good plan.
>> I see three options
>> 1. redistribute into my igp (OSPF)
>>
>> 2. c
On Jan 14, 2014 6:01 PM, "Eric A Louie" wrote:
>
> I have a connection to a peering fabric and I'm not distributing the
> peering fabric routes into my network.
>
> I see three options
> 1. redistribute into my igp (OSPF)
>
> 2. configure ibgp and route them within that infrastructure. All the
> defa
I have a connection to a peering fabric and I'm not distributing the peering
fabric routes into my network.
I see three options
1. redistribute into my igp (OSPF)
2. configure ibgp and route them within that infrastructure. All the default
routes go out through the POPs so iBGP would see packe