BGP Even-More Specifics in 2017

Long Prefixes

Following Geoff's post on IPv4 disaggregation, let's revisit IPv4 prefixes even longer than a /24. ARIN's allocation policy for 23.128.0.0/10 permits allocations no larger than a /24 but no smaller than a /28, and the RIPE NCC holds four experimental allocations from this block.

The RIPE NCC advertises six long prefixes drawn from these allocations, all originating from ASN12654. The purpose of these allocations is to allow us to test routability and reachability of IPv4 prefixes longer than a /24, with and without the presence of route objects in the routing registry, and also to test reachability on the data plane. More on the prefixes can be found in the first RIPE Labs article in this series, and a first look at the measurement data in this follow-up post.

Given IPv4 exhaustion, are small IPv4 allocations more useful today than they were in the past? At the moment, less than 1% of 23.128.0.0/10 has been allocated and none of those allocations were smaller than a /24. If smaller allocations were made, how useful would they be for public routing?

RIPE RIS, and BGP visibility

First, let's get an idea of how much of the network can see the prefixes. Let's look at the fraction of RIS (RIPE Routing Information Service) peers that observe the six prefixes:

The vertical dashed line indicates where the graph in the previous RIPE Labs article ends.

The first, and most obvious, thing to note is that visibility of the longer prefixes hasn't changed much over the years. At best, we might expect a /25 to be visible by around a quarter of all peers! That's not great if you want global reachability.

Also worth noting is the clear drop in visibility between 21 and 22 of February 2017. On looking at the AS PATHs visible before and after this date, we see it primarily affects paths that we observe via ASN3333 (RIPE NCC) which stop propagating those prefixes after this date. You can playback the event in BGPlay, but here we can also show AS paths before the event:

And after the event:

Upon investigating the drop, it seems the reason is that AS3333 switched from using the traditional AMS-IX route-servers to their new Falcon-class route-servers. These route servers provide stronger filtering (using IRRdb and RKPI information), but are not used by as many AMS-IX members.

Visibility Elsewhere

The visibility above represents what RIPE RIS collectors observe, and as we have seen can be affected by how we peer. So what do people see from other vantage points? Let's look now at alternative route collectors, and then also look at active measurements from Atlas probes.

Route Views

The Route Views project is another source of archived BGP data, offering additional vantage points from which to observe prefix propagation. On May 1st, Route Views collectors observe similar visibility to RIS collectors:

Prefixes with route objects:

Prefixes without route objects: 

So the same pattern holds here: the /24s propagate widely as we'd expect, but the /25s and /28s have limited visibility. The longer prefixes that have route objects in the routing registry propagate farther than those that don't, a slight advantage for networks when they want to advertise a longer prefix onto the public network.

Packet Clearing House

Packet Clearing House (PCH) provides BGP table dumps for route collectors located in IXPs around the world. Many of these are not full tables: 89 out of 135 observe fewer than 100,000 unique prefixes; only 8 see more than 300,000 unique prefixes, and only one appears to have a full table.

Given the above, on 1 May the PCH dataset contains the /24 with the route object in 11 of the BGP table dumps. If we consider that to be the baseline, how many tables contain more prefixes? The tables on that date observe the following:

• Two tables (ecix-fra, lga) contain only the /24 with the route object
• Two tables (netix, mcix) contain both /24s but none of the /25s or /28s
• Six tables (fra, iad, lhr, mia, ord, pao) contain all of the advertisements with the route objects, but only the /24 from the advertisements without route objects
• One table (ams) sees all six of the advertisements (note, ams is adjacent to ASN3333)

So a similar pattern is observed here, in that there are common cases where a route object will assist the propagation of a long prefix, even if they will not propagate as far as a /24.

Active Measurements from RIPE Atlas probes

Operating within each BGP advertisement, we have one address which is responsive and intended as a target for active measurements. We've been running traceroutes from all active RIPE Atlas probes towards those IP addresses since the prefixes were advertised. This gives us insight into how reachable the address space actually is, from a broad sample of the public network. Let's look at the proportion of probes that have data-plane reachability to these prefixes:

Here, we see similar ratios as in the BGP data, affected slightly by factors such as which networks RIPE Atlas probes are located within. One thing that is interesting is that there is an equivalent drop in successful traceroutes on 2 February 2017, corresponding with the dates noted above. In the case above, RIS collectors lost those prefixes because they only propagated via ASN3333; given the lack of path diversity in those cases, it may be reasonable to assume that paths were not available elsewhere to maintain reachability.

Review

Even in light of IPv4 exhaustion, the conventional wisdom is that we should not advertise IPv4 prefixes longer than a /24 to the global network because they won't achieve full coverage. The data bears this out. Over the last two and a half years, the visibility of these prefixes appears to be pretty consistent. Further, the lack of path diversity perhaps makes these prefixes less stable even in the places they are visible.

The data does show, however, that long prefixes advertised with a corresponding route object do propagate farther than their counterparts without, and also that /25s will propagate farther than /28s. But most operators would consider even the best case to not be useful at all, and the picture isn't tremendously different to the infamous Youtube prefix hijack in 2008.

But will this change? As we squeeze IPv4 even further, will we reach a point where networks only have a /25 (or less) with which to front their NAT64? Further, this is only the state of play for public routing. We know that some networks will accept prefixes of any size (for example, NTT's filtering policy is here) but won't forward anything longer than a /24 to peers, implying scope for some types of traffic engineering. Beyond that use case, is there a case for maintaining the conventional wisdom for public routing over most IPv4 space, while permitting longer prefixes within specific ranges such as 23.128/10?

Please let us know if you have questions about this work or our use of this address space. Is there value in continuing to advertise these prefixes?

Data Sharing

All of the ongoing measurement data for the active measurements is available from these measurements pages:

• Traceroutes to 23.128.24.1: https://atlas.ripe.net/measurements/1767679/
• Traceroutes to 23.128.25.1: https://atlas.ripe.net/measurements/1767680/
• Traceroutes to 23.128.25.241: https://atlas.ripe.net/measurements/1767681/
• Traceroutes to 23.128.124.1: https://atlas.ripe.net/measurements/1767682/
• Traceroutes to 23.128.125.1: https://atlas.ripe.net/measurements/1767683/
• Traceroutes to 23.128.125.241: https://atlas.ripe.net/measurements/1767684/