I wanted to follow up on the darknet /12 experiment that was discussed at the routing working group meeting. Unfortunately I was unable to attend the meeting in person, so it would be great if someone who was there could chime in with and relevant comments on what comments were made by anyone at the mtg. Moving forward, I would like to discuss the following issues on this topic: 1: Better co-ordination of future experiments via the working group. - As we have seen the covering /12 announcement really does matter in the visibility it provides - Observing leaked traffic from your network provides you good insight into what might be misconfigured/broken in your network which you might not even be aware of - Observing traffic at the covering prefix can detect potential route flaps or transient routing instability In the past we have been concerned about possibly contaminating the collected data if the experiment was widely announced. This however, has turned out to not be a significant concern. We really do not seen anyone maliciously trying to taint our data and there doesn't seem to be a valid reason for people to do so other than vandalism. 2: Is there interest in receiving summary reports based on observed traffic from different ASes - only reports to owners of the ASes - these would summarize traffic seen originating from their AS and include items such as volume of traffic observed, sources, destinations, breakdowns by source and destination ports. 3: Would a future /12 covering prefix announcement provide value to the community and help during the transition to IPv6? 4: What IPv6 route filters do people currently have in place - how many in the wg anticipate that a /12 announcement would be ignored in their networks - 9 out of 12 ripe monitors showed the prefixes being accepted, is this a true representation of what actually might be happening in network operator networks in the region? 5: Even aside from the experiment, given our observations we note that there is value in using a pull-up route to catch similar pollution traffic at the local networks. Do people have any plans to install such a pull-up route that catches unallocated customer traffic and routes it to a collector or monitor of some sort within their own networks. 6: We would like to at a future date also create an IPv6 routing beacon. Beacons have been previously used in IPv4 for research purposes to understand route convergence, We think IPv6 routing beacons would be very helpful in understanding what happens to traffic when data is in flight and the underlying prefix is flapping (different BGP views converging at different times? We are grateful to the community (RIPE and all regions) for allowing us the opportunity to study these issues. Any and all comments are welcome. Thanks. -manish

Message: 3 Date: Wed, 15 May 2013 22:09:36 +0200 From: Roger J?rgensen <rogerj@gmail.com> Subject: Re: [routing-wg] [ipv6-wg] MERIT Darknet Experiment, Guidance Sought in Routing WG To: routing-wg@ripe.net Message-ID: <CAKFn1SH7NCREWFn6NL=MV0hkJaszrnAFJN9nL-=dKSd=K7XpUw@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1

On Wed, May 15, 2013 at 9:38 PM, Daniel Karrenberg <daniel.karrenberg@ripe.net> wrote:

...

Some of you may remember the short discussion here last November about the MERIT Darknet experiment and the subsequent change in our permission to MERIT. This RIPE meeting we have heard a presentation from MERIT/US-DHS about first results:

https://ripe66.ripe.net/presentations/121-v6darknet-ripe2013.pdf

Given this, the RIPE NCC is seeking guidance on what our permission to MERIT should be in the future. Here are a couple of slides which we will present in the routing-wg:

https://ripe66.ripe.net/presentations/259-20130515-v6-darknet.key.pdf

Any reactions are welcome. I suggest to have any discussion over on routing-wg@ripe.net.

I'm divided on this, * I'm disapointed we, RIPE, sort of ruined this by not letting them announce the entire /12 * I also think it was worth it since we can see what a difference that made for the traffic they collected

So all in all, I think it was worth it by doing this /13+/14 instead of the entire /12 since it made such a big difference really. But maybe they should do it for some other regions the next time?

However for the future - I think they should be allowed to announce the entire /12 for this Darknet experiment.

--

Roger Jorgensen | ROJO9-RIPE rogerj@gmail.com | - IPv6 is The Key! http://www.jorgensen.no | roger@jorgensen.no