[afnog] How to convince providers to take the sane option....

Patrick Okui pokui at psg.com
Wed May 14 16:24:37 UTC 2014 

Firstly I agree that in many cases (in East Africa) some of these
routing policies are made without proper knowledge of all the
implications or better ways to route. More participation in things like
AfPIF could help alleviate some misconceptions.

However, I need to play devil's advocate for one scenario.

On  14-May-2014 12:02:08 (+0300), Mark Tinka wrote:
> On Wednesday, May 14, 2014 10:26:00 AM Roland Dobbins wrote:
> 
>> My guess is that it's largely bit-rot.  Configs are
>> working, and some operators are loath to touch them,
>> lest Bad Things occur - so the routing isn't
>> re-optimized to take into account changing
>> circumstances.
> 
> Based on what I see in the region, the large service 
> providers (be they wholesale or retail) no longer have this 
> issue. There is a good amount of clue that folk are not 
> afraid of changing things around.

One reason this has developed in certain cases is partly historical -
like what we're cleaning up in the UIXP in Uganda.

It starts with everyone peering exchanging all routes, then a few of the
providers leak the routes cross-border to say the KIXP in Kenya.

Configuration mistakes mean if that's not controlled these IX advertised
routes are leaked to the Internet. Depending on how well peered a
provider is, the Internet may prefer their path (eventually via the IX)
and while this "free transit" may be interesting to have it's not one
for which a service agreement exists and in some cases may be worse than
the egress links the affected party has.

To make matters more interesting some people only peer with the route
server and not bilaterally, so it's difficult to control which peer gets
what and they decide to either shut down their link or announce only
aggregates plus very few specifics.

In this case the way to fix it in the various IXes is more interaction
with the IX operators as a mediator in this case. I don't think the IXes
in the region are big enough yet that the rules in some regions that
would forcibly de-peer someone for configuration errors are feasible.

my 0.02 UGX

--
patrick



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 268 bytes
Desc: OpenPGP digital signature
URL: <http://afnog.org/pipermail/afnog/attachments/20140514/9381d49b/attachment.sig>

More information about the afnog mailing list