Yes, same here. Very frustrating. It is almost as if the powers that be don't want lowly netizens controlling their own destiny.
Actually, they don't want to pollute the internet routing table with routes that are fully subsumed into other routes. The effect on address ownership is a side effect.
Actually, they just want to milk the money out of you. It's a matter of how much you're willing to pay; as a business customer, it's all possible.

Most ISPs do not have such pure goals as protecting the global routing tables ;)

RIRs, not ISPs, allocate addresses at the top level; they make money on each address allocation, and they still won't allocate addresses to you if you don't multihome, because they have a duty to conserve resources.

When you get PI addresses your LIR/ISP just passes your data on to the RIR.

I don't want an address, they should be cheap, meaningless (sans routing, the longer the common prefix, the closer geographically you should be) and not conflated with identifiers.

I just want a way to do public-key based discovery. I'm not sure if wireguard + DHT would do though as it'd also mean that it's easy to track your PK (and maybe you through your devices/services announced with PKs).

Maybe you can announce your IP in a neat encryption scheme that adds some privacy without increasing costs too much?

What is the point of owning public address space?

Anything in your private network (even if it goes over public internet) should be encrypted and locked up anyway. Something like Wireguard or Nebula only needs a few (maybe just one) publicly accessible address. Inside the overlay network, it's easy to keep IP addresses stable.

Anything public-facing likely needs a DNS record, updatable quickly when the IP of a publicly accessible interface changes (infrequently).

What am I missing?

The realistic point is to have your own abuse email contact, to evade the ban-happy policies that most server hosts have even when you did nothing wrong. Usually they suspend your account if you don't reply within 24 hours, even if the complaint is obvious nonsense.
It's the only real way of running reliable IPv6 networks with multiple uplinks. Unless you want NATv6.
DNS updates are slow. BGP can react to a downed link in <1 sec.
Even fast LACP needs three seconds and that's on the same collision domain.

How does BGP actually detect a link is down? The keepalive default is 30s, but that can be changed. If you set it to, say, one second, is that wise? Once a link is down, that fact will propagate at the speed of BGP and other routing protocols. Recovery will need a similar propagation.

Depending on where the link is, a second can be a "lifetime" these days or not. It really depends on the environment what an appropriate heartbeat interval might be.

Also, given that BGP is TCP based, it might have to interact with other lower-level link detection protocols.

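The trade-off raised above (how long a dead peer goes unnoticed versus how often an aggressive timer tears down a healthy session) can be put in numbers with a small model; this is an added example, not code from any commenter. It assumes keepalives on a fixed schedule and independent per-message loss with no TCP retransmission, and in practice operators get sub-second detection by running BFD (RFC 5880) alongside BGP rather than by shrinking the BGP timers themselves.

```python
"""Constructed model of BGP peer-liveness detection: each KEEPALIVE restarts
the hold timer, and the session is torn down only when that timer expires.
RFC 4271 suggests a 90 s hold time with keepalives sent at one third of it."""
import random


def detection_delay(keepalive, hold_time, failure_at):
    """Seconds from link loss at `failure_at` until the hold timer fires.

    Keepalives are assumed to arrive at t = 0, keepalive, 2*keepalive, ...;
    the last one before the failure restarted the hold timer, so the delay
    always lies in (hold_time - keepalive, hold_time].
    """
    last_rx = (failure_at // keepalive) * keepalive
    return last_rx + hold_time - failure_at


def simulate_flaps(keepalive, hold_time, loss_prob, duration, seed=1):
    """Count sessions torn down on a link that is UP but drops keepalives.

    Labelled simplification: every KEEPALIVE is lost independently with
    probability `loss_prob` and TCP retransmission is ignored, so this
    overstates flaps for real BGP; only the relative behaviour of
    aggressive versus default timers is meaningful.
    """
    rng = random.Random(seed)
    flaps, last_rx, t = 0, 0.0, 0.0
    while t < duration:
        t += keepalive
        if rng.random() >= loss_prob:
            last_rx = t          # keepalive arrived: hold timer restarts
        elif t - last_rx >= hold_time:
            flaps += 1           # hold timer expired: session reset
            last_rx = t          # re-established; start counting again
    return flaps


def timer_tradeoff(loss_prob=0.05, day=86400):
    """Compare RFC-suggested timers with a 1 s keepalive / 3 s hold time."""
    profiles = {"default": (30, 90), "aggressive": (1, 3)}
    return {
        name: {
            "worst_case_detection_s": hold,
            "flaps_per_day": simulate_flaps(ka, hold, loss_prob, day),
        }
        for name, (ka, hold) in profiles.items()
    }


if __name__ == "__main__":
    print(detection_delay(30, 90, 45.0))   # a failure mid-interval waits 75 s
    print(timer_tradeoff())
```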
I have both my own multihomed ASN and operate my own nameservers. The latter has usually been about as fast for failover overall in practice. BGP may look to converge near instantly from your 2-3 peer outbound perspective but the inbound convergence from the 100k networks on the rest of the internet is much slower and has a long tail very akin to trying to set your DNS TTL to 0 and having the rest of the internet decide to do it slower for cache/churn reasons anyways.

The bigger problem, and where BGP multihoming is most handy, is it's just so much easier to get a holistic in+out failover where nothing really changes vs in DNS where it's more about getting the future inbound stuff to change where it goes. E.g. it's a pain to break an active session because the address had to change, even if DNS can update where the new service is quickly.

The long tail of routers receiving your update doesn’t matter. Once the common transit networks get it, that’s where the rest would dump the traffic to reach you anyway. The only time slow propagation to the edges matters is the first time announcing a prefix after it has been fully withdrawn.

Using the wrong route to get the packet in your general direction still gets you the packet as long as it hits an ISP along the way that got the update.

We could fully drain traffic from a transit provider in <60s with a withdrawal with all of the major providers you get at the internet exchanges. If you weren't seeing that, your upstream ISPs may have penalized you for flapping too much and put in explicit delays.

<60s sounds about right as a general safe estimate. I just mean people should expect 1-2ish orders of magnitude more than <1s from a downed link with internet BGP upstreams in a multihomed situation.
Honestly, it's not free, but it's really not that expensive. With RIPE it's about 75€ per year for the ASN, and being multihomed is not really a problem; there are multiple services that will let you announce through them for free or very cheap. You don't have volume minimums.

I do agree it should be simpler, but it is accessible to individuals today.

I feel you. Us nerds have been ignored by modern day home user contracts.