
ISP Tech Talk

by Avi Freedman

DNS Servers and Provider-Independent Address Space

First, A Correction

The price of the Highwind (www.highwind.com) news server is not $5,000, as printed in May, but $500. I wouldn’t be so excited if it were $5,000, but at $500 it represents a breakthrough and brings the ability to run an excellent news reading server to every ISP who can afford the bandwidth to pull a full news feed.

And if you want to save bandwidth and take a full news feed at no recurring cost, see www.isp-sat.com. (disclaimer—my company runs isp-sat.)

A TIP ON SETTING UP YOUR DNS SERVERS

As a kick-in to the next section, I’ll pass on a tip that could prove very useful to you, especially if you’re just getting started. The biggest problem with switching providers and having to renumber is getting your dial-up customers to change their parameters.

Assuming all of your dial-up customers get dynamically-assigned IP addresses, and if you’ve done a good job and have told your customers to use smtp.myisp.net; news.myisp.net; and pop3.myisp.net, all you have to do to renumber your dial-up customers is to tell them your new primary and secondary IP addresses.

THE TIP — I advise using addresses inside of the Class A address space 10.0.0.0, as this is the block most widely recognized as unroutable on the Internet.

What’s neat about it? In addition to having “real” IPs on your DNS servers, alias each DNS server to a separate “fake” or “reserved” IP, and give these IPs out to your customers. Since IP addresses that are reserved are unroutable on the Internet, and are designed to be used for internal networks, you never need to change them once you tell them to customers.

For example, ns1.myisp.net would have 10.10.40.1 as a secondary IP, and ns2.myisp.net would have 10.254.254.1. By using IPs that are “far away” from each other inside of the 10.0.0.0 Class A, you run less risk of having customers using 10.0.0.0 address space for their own purposes and thus being unable to see your DNS servers. (If you had to, you could always tell them the “real” IPs of the servers, but you’d then have to tell them the new numbers if you have to renumber into new IP space.)

Another problem with this solution is that your customers won’t be able to use the DNS settings you give them when roaming to different cities. With proper customer education, this is not a big problem because they already have to change SMTP server settings if they roam (unless you’re running open SMTP relays, which is a major no-no).

NOTE: If you don’t understand that last paragraph, see www.vix.com/maps IMMEDIATELY! Unless you restrict access to your SMTP server to authorized users and to people wishing to deliver mail to domains which you are handling, you will most assuredly become a spam relay and wind up with thousands of complaint messages in the best case, and blackholing from some sections of the Internet in the worst case (www.vix.com/rbl).

A NOTE ABOUT IP ADDRESS SPACE

As I mentioned in the May 1998 column, the ARIN has recently made it much easier to get PI (“Provider-Independent”) IP address space. Once you’ve efficiently utilized 8 blocks of 256 IPs (also called “slash 24”s; “/24”s; and “Class C-sized block”s), you can get an allocation of 16 /24s and announce it to the world as 32 /24s (also called a /19).

Why is this important? Once you get PI space you’ll have a reasonable assurance of never having to renumber again. Why is the fact that you can now get a /19 more easily important? Because unless you do, certain parts of the Internet won’t “hear your route” (see the BGP columns in Spring of 1997).

Now, for the note — unless you have PI space you DO NOT HAVE PI SPACE!

The opposite of PI space is provider-assigned space. If you have IP space from your upstream providers, you DO NOT OWN THE SPACE. Just because you can multi-home with provider-assigned space (i.e. you can have a 2nd provider announce some /24s or other routes from IP space assigned by your 1st provider) does not mean that you can continue this if you stop buying connectivity from the 1st provider. Any ISP/NSP who does this will be censured in the global routing community.

So, you cannot get provider-assigned space announced if you leave that provider, unless you have a specific contractual assurance from that provider. For example, (blatant plug) Net Access allows our customers 90 days to renumber if they leave and are paid-up. Even so, there are some problems with this. 207.8.128.0/17 (a block of 128 contiguous /24s) is one of the ARIN/Internet-assigned blocks of IP space (or “aggregates”) assigned to Net Access. Let’s say that ex-customer.net was assigned 207.8.132.0/23 (a block of two contiguous /24s). Now they leave and go to otherisp.net. Since some networks don’t listen to “small routes” like 207.8.132.0/23, those networks will only hear 207.8.128.0/17 and thus will send all packets to netaxs.net. If we’re nice, we’ll send those packets on to otherisp.net, which will then deliver them to ex-customer.net. The problem with this, of course, is that we are getting NO MONEY for providing partial Internet connectivity for our ex-customer!

So again, to repeat—unless you have PI space you DO NOT HAVE PI SPACE!

Now, what can netaxs.net do if ex-customer leaves and continues announcing routes? Well, immediately, we could shut off reverse DNS for your blocks. This means that your dial-up users will see slow connectivity and won’t be able to connect to some paranoid servers on the Net.

Then, we could announce 207.8.132.0/23 as 207.8.132.0/24 and 207.8.133.0/24, which will “beat” the 207.8.132.0/23 announcement because they’re more specific advertisements. Of course, ex-customer could start advertising things as two /24s, but then there’s a big war and no one wins. netaxs.net can’t reassign the IP space, but ex-customer doesn’t have global reachability from it.
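
The route selection described in the last few paragraphs, as an added example that is not part of the original column: a longest-prefix match over the column's own prefixes, seen by a network that accepts every route and by one that drops anything longer than a /19. The /19 cutoff, the destination host and the function names are assumptions made for the illustration.

```python
import ipaddress

# Announcements from the column's scenario: (prefix, network announcing it).
BEFORE_DEAGGREGATION = [
    ("207.8.128.0/17", "netaxs.net"),    # provider aggregate
    ("207.8.132.0/23", "otherisp.net"),  # ex-customer's block, via its new provider
]
# netaxs.net splits the /23 into two more-specific /24s.
AFTER_DEAGGREGATION = BEFORE_DEAGGREGATION + [
    ("207.8.132.0/24", "netaxs.net"),
    ("207.8.133.0/24", "netaxs.net"),
]


def heard_routes(announcements, max_prefix_len):
    """Routes a network keeps if it drops prefixes longer than max_prefix_len."""
    parsed = [(ipaddress.ip_network(p), who) for p, who in announcements]
    return [(net, who) for net, who in parsed if net.prefixlen <= max_prefix_len]


def next_hop(dest, announcements, max_prefix_len=32):
    """Longest-prefix match over the kept routes; None if nothing covers dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, who)
               for net, who in heard_routes(announcements, max_prefix_len)
               if addr in net]
    if not matches:
        return None
    net, who = max(matches, key=lambda m: m[0].prefixlen)
    return (str(net), who)


if __name__ == "__main__":
    dest = "207.8.133.10"  # constructed host inside the ex-customer's /23
    tables = (("before", BEFORE_DEAGGREGATION), ("after", AFTER_DEAGGREGATION))
    for label, table in tables:
        for cutoff in (32, 19):  # 19 is an assumed filter length
            print(f"{label}, accepts up to /{cutoff}:",
                  next_hop(dest, table, cutoff))
```

The model stops where the column does: if both sides announce the same /24s, prefix length no longer decides and the outcome depends on each network's BGP path selection.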

So what’s the upshot?

(1) Plan on renumbering within a week or two if you leave a provider, even if they royally screwed you in some way.

(2) Get in writing that you can have a migration period of 30-90 days if you leave a provider.

Next month we’ll talk about different kinds of leased lines (point to point, Frame Relay, and SMDS).


Copyright 1998 Mecklermedia Corporation.
All Rights Reserved. Legal Notices.
Editor: Jack Rickard - Volume XI: Issue 7 - ISSN:1054-2760 - July 1998
13949 W Colfax Ave Suite 250, Golden, CO 80401
Voice: 303-235-9510; Fax: 303-235-9502
