Some leaks in China/Hongkong

Gert Doering gert at space.net
Wed Oct 29 09:08:14 CET 2008 

Hi,

On Tue, Oct 28, 2008 at 05:11:29PM +0100, Thomas Schmid wrote:
> > It's much worse.  At least DFN *has* a full view, but they prefer Geant2
> > routes, because "NREN stuff needs to go there".
>
> that's right and this is badly needed today and in the future. We don't want
> to send any NREN traffic via unknown peering paths alone because this
> affects mutltiple Gigs of traffic and might flood quite some links.

So you're sending *non*-NREN traffic over scenic paths round the world?

Some time in the last century, we did local-pref our DECIX-peers, because
"peering is cool, upstream is expensive".  Shortly afterwards, we were
seeing a path with some 10 AS hops over peering, while transit would 
have been 3 AS hops, and much better bandwidth.  Guess where our packets
went...

Since then we've stuck to "AS-Path lenght is a useful metric, MED will
be taken into account, and local-pref will only be used in well-defined(!)
exceptions".

Just local-prefing anything that comes via a NREN link does not sound
very well-defined, so this is guaranteed to cause issues again and again.

[..]
> I don't see an easy solution for the time being. So manual reaction on people
> complaining is currently the only way to deal with the problem.

You're currently using the reactive approach "local-pref everything, 
maintain (negative) exception lists".  Our experience has been that 
"local-pref nothing, maintain (positive) exception lists" is usually 
causing much less pain to our customers.

But then, our definition of "happy packets" is "fast delivery" - other
people might consider a scenic world tour a nice way to make happy
packets...


To be a bit more constructive: you could maintain a list of AS numbers
that belong to known research networks and should be reached via Geant2,
and local-pref these.  Anything else coming in via Geant2 should not be 
local-prefed (don't necessarily *drop*, even if that might be prudent given
some of the crap I2 is leaking, but at least do not *force*) - which would 
avoid routing Google traffic to Hongkong, instead of Amsterdam.


We're trying to convince content providers that they should publish
AAAA records - and e.g. google rightly says "as long as people's routing 
is so f****ed up, publishing AAAA records is going to hurt our users".

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations:  128645

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20081029/4f063444/attachment.sig>

More information about the ipv6-ops mailing list