Re: ISPACs

["Justin W. Newton" <justin@erols.com>]

Well, since I seem to be the only person who holds my point of view, I
suppose I'll stop posting after this (at least noone has mailed me and told
me to shutup yet, or asked that I be removed from the list ;)

At 05:30 PM 12/5/96 -0800, Tony Li wrote:
>
>   Right, so instead of my customers having to renumber if I want to leave my
>   upstream provider, my customers have to renumber if I want to leave the
>   ISPAC I am in.  To use your words, "just like today".
>
>That's true.  However, if your customers want to change to another
>provider, they may be able to do so without renumbering (modulo sufficient
>local aggregation).

Assuming that they move to a provider who is a member of the same ISPAC as
I am, and that the aggreagtion inside of an individual ISPAC isn't
important to the members.  Yes, it could be possible.

>
>   1) I am buying bandwidth from the person running an interconnect, in which
>   case they become my provider, "just like today".
>
>And this person works for you indirectly, through the ISPAC administration,
>so they report to you.  So you exert control over it.  Unlike today.

As opposed to today where I write them a check and they work for me
indirectly as well?  

>   effectively allowing my competitors to use my potentially
>   better connectivity, and I become dependant on their network to make
>   certain that my users connectivity isn't affected.  I believe that I
>   covered the reasons that people may be uncomfortable with that in detail
>   before.
>
>And it effectively allows you to use your competitors potentially better
>connectivity.  And they become dependent on your network to make certain
>that their users connectivity isn't affected.  
>

Exactly, this doesn't seem to be a position I would like to enter into.
One provider or the other is going to have better connectivity, and this
will effectively even out that connecitivity, which encourages me as a
provider in the ISPAC to go with the lowest cost connectivity I can find
and then piggy back off of other who have better connectivity.  (Yes, I do
know that there could be "connectivity requirements" for joining the ISPAC,
but we all know a t-1 isn't a t-1 isn't a t-1, there are differences).


>Sounds to me that you're not willing to trust.  Even if there are
>contracts.  That's ok by me, but I don't think that's the norm.
>
>   Yes, and today I do not enter into agreements with my direct competitors
>   where They have the ability to destroy connectivity for all of my
customers
>   to the entire internet, 
>
>They do not have that ability if you either maintain your own upstream
>connection or you use a common upstream connection.  Note that today they
>have that capability and you do NOT have the agreement.  So.... it seems
>that legal agreements make you less comfortable, not more.

Right, but even if I maintain my own upstream connection I am at the mercy
of anyone else's upstream connection who is announcing thwe agregate block
which contain my IP's.

>You clearly have say: you join, you vote (assuming that's the political
>model).  If you really don't like it, you vote with your feet.

Right, the same as I can today with an upstream provider.  Basically what
it seems that you are proposing is to some extent replacing dependance on
an upstream provider with the ISPAC for IP address continuity.  

>
>   Yes, BGP peers /could/ do the same thing to
>   me, but its a lot easier for me to turn off a peering session than
>   instantaneously renumber my network.
>
>Excuse me, but anyone can hose you even not being a peer by simply
>injecting your prefixes from a black hole.  I can take my handy-dandy WG
>packet generator and my T3 and take you out from wherever.  So it's a big
>bad world out there regardless.  At least with a piece of paper, you have a
>leg to stand on in court....

Yes, you can, and such an action is definately malicious, and likely
illegal (like go to jail illegal).  It is a lot easier for someone to do
such a thing and have it look like an accident if they are advertising your
blocks /with your consent/.  Am I not making the difference clear, or am I
overestimating the risk I believe I would be at if I undertook such a
course of action.

>
>   Yes, but such a lawsuit would likely be considered frivolous.  Unless I
was
>   maliciously attacking my competitor via ping floods or something of the
>   like, it would be quite difficult for them to launch a lawsuit that would
>   be considered other than frivilous in a US court.  
>
>So I guess I'm unclear on what you're worry is.  If it's not malicious
>conduct, is it only incompetent conduct?  If so, why does the common
>interconnect model not fix things?

Its mailicious content which could be masked as simply incometent, its
incompetence which I would normally not have to be associated with that I
now will be.  (I trust MCI to be able to hire competent network engineers,
have a 24 hr NOC, care if their name is smeared on NANOG, etc etc, the same
does not hold true for Mom's Bait Tackle and IP Connectivity).  A common
interconnect model does improve things, but that takes us back to a
provider based model where the people running the interconnect are a
provider, which leaves us at the current model, no different.


>
>   Until such a document exists we are wasting our time on this
>   proposal, noone will use it.  
>
>Even if such a document exists, no one will use the document.  They'll want
>their own.  Geeze, you don't spend much time with lawyers do you?  You
>haven't seen the "well, this document won't do at all until I add some
>gratuitous changes and billable hours"?

Thats fine, what I am looking for is something which could be used as a
basis on which we can reach general consensus that this is something that
we would be willing to use in a modified form.  I don't want the details of
the document, just the basic rules that people would agree to play by.  I
don't believe that even these basic rules could be agreed upon.

>
>   Tony, why don't you go propose this on
>   inet-access where all of the people who would actually become members of
>   these ISPACs actually are, instead of over here on cidrd where most of the
>   members already receive space directly from the regional registry of their
>   choice?
>
>One hurdle at a time, thank you.  ;-)

It seems like that would be the logical place to do this though.  I am
adding input here, but quite frankly, this won't affect me one way or the
other if it does happen.  If you fo to a mailing list which has people on
it who would actually /do/ this possibly you might get better participation
than just me.  


Justin Newton
Network Architect
Erol's Internet Services