We can aggregate all of 202.32/16, but we either have to lie to the NSF and claim all customers in that block are AUP compliant or all the customers in that block can't get to the NSFnet.
Please note that networks shouldn't be "AUP compliant" to be routed thru NSFNET, they only shouldn't send non-AUP traffic across NSFNET. Since they don't do that now there are good chances they won't do that in the future. NSFNET AUP does not explicitly state what kind of enforcement users should use (if any) and I do not see any sense in assuming that network number filtering is mandatory to be AUP-compliant.
Therefore, we have to break 202.32/16 into pieces and some service provider up the wire may proxy aggregate for us.
Don't do that! It will hurt many service providers most of which don't have anything to do with NSFNET AUP. Since your commercial traffic won't go to NSFNET anyway you don't run any risk of violating AUP. [As a side note -- here comes another technically unenforceable policy. AUP and Die.].
Or have I missed something obvious?
Yes. Enforcing NSFNET's policy with some (small) probability can prevent abuse of US taxpayers' money; not aggregating will CERTAINLY hurt the whole Internet (not excluding NSFNET) -- most of which wasn't built on US taxpayers' money. --vadim
NSFNET AUP does not explicitly state what kind of enforcement users should use (if any) and I do not see any sense in assuming that network number filtering is mandatory to be AUP-compliant.
This might be the case, but Merit/ANS are using network number filtering technology to satisfy the NSF requirement of AUP compliance. If we're going to make CIDRization a requirement and/or do proxy aggregation, I would claim using network number filtering is no longer acceptable. Cheers, -drc
Not really. If you split the block into an AUP compatible group and a non-AUP compatible group, then you send in 2 routes in some cases instead of one. Thus you still save a large amount of route table space. Thanks, Milo
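The "2 routes in some cases" in the reply above depends on how customer networks are laid out inside the block. The following is an added example, not part of the original thread: it aggregates each policy class of 202.32/16 separately and counts the announcements for two constructed layouts. The /24 customer size, the two layouts and all function names are assumptions made for illustration.

```python
import ipaddress

# The block under discussion in the thread.
BLOCK = ipaddress.ip_network("202.32.0.0/16")

def contiguous_layout():
    """Constructed layout: AUP-compliant customers fill the lower half of the
    block and non-compliant customers the upper half, one /24 each."""
    lower, upper = BLOCK.subnets(prefixlen_diff=1)
    return ([(net, True) for net in lower.subnets(new_prefix=24)] +
            [(net, False) for net in upper.subnets(new_prefix=24)])

def interleaved_layout():
    """Constructed layout: /24s handed out in order of arrival, so compliant
    and non-compliant customers alternate through the block."""
    return [(net, i % 2 == 0)
            for i, net in enumerate(BLOCK.subnets(new_prefix=24))]

def announced_routes(customers):
    """Aggregate each policy class separately, since a filter keyed on
    network number can only act on whole announced prefixes."""
    groups = {True: [], False: []}
    for net, aup_ok in customers:
        groups[aup_ok].append(net)
    return {aup_ok: list(ipaddress.collapse_addresses(nets))
            for aup_ok, nets in groups.items()}

def route_count(customers):
    """Total number of prefixes announced across both policy classes."""
    return sum(len(routes) for routes in announced_routes(customers).values())

if __name__ == "__main__":
    for name, layout in (("contiguous", contiguous_layout()),
                         ("interleaved", interleaved_layout())):
        print(name, route_count(layout), "routes")
```

With allocation grouped by policy class the block collapses to two /17 announcements; with alternating assignment nothing merges and every /24 has to be announced on its own.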
Not really. If you split the block into an AUP compatible group and a non-AUP compatible group, then you send in 2 routes in some cases instead of one. Thus you still save a large amount of route table space.
Sigh. I know, and this is what we're planning on doing. However, we were talking about proxy aggregation without consent and Tony complained it would break policy setting Paul (and Tony Li and Vince and ... ) off. With this solution, you'll still run into the problem that Tony was concerned with (or what I thought Tony was concerned with). This seems obvious to me: if you want to CIDRize the world (whether they want to or not), policy based routing on network numbers breaks - I just think people should admit it and deal with it. Also see my response to Bill. Hoping for the day rules will be made so it is easier to be honest than to lie, -drc CIDR - deal with it
participants (3): David R Conrad, Milo S. Medin, Vadim Antonov