[OCCAID] Proposal for EINTAP
James
james at towardex.com
Sat Jan 8 01:22:34 EST 2005
On Fri, Jan 07, 2005 at 11:29:05PM -0500, Miles Nordin wrote:
> >>>>> "tm" == Tom McNeely <tom at cnacs.occaid.org> writes:
>
> tm> http://www.occaid.org/proposals/eintap.txt
>
> dnsspam?!
>
> It seems odd for an experimental network to have formal disciplinary
> procedures for a behavior that does no harm to others just because
> some people think it's unfashionable or juvenile. Such procedures
> don't create a climate conducive to experimenting. In my opinion
> members should be encouraged to do things with no practical value, and
> certainly shouldn't be ``disciplined'' for doing something harmless
> just because many people think it looks dumb.
>
> I don't have any so-called ``DNS spam'' in my network right now, but I
> do have one guy that set his IPv6 address to ::dead:beef:dead:beef or
> something. Next will that be forbidden too because someone thinks
> it's unfashionable or childish, or because ``IPv6 addresses were
> intended as opaque numerals for routing purposes only and were never
> meant to spell things''?
Nope. We have nothing against using creative numbering schemes with
the IPv6 numbering plan. But this is a DNS issue.
>
> newsgroups like alt.wesley.crusher.die.die.die were tolerated even
> though they actually caused some extra disk seeks on the news server.
> Sysadmins bitched about it, but no reasonable person filtered out
> those groups or tried to ``discipline'' the creators. By comparison,
> dnsspam is just stupid-looking and harmless.
>
> The strict prohibition and dispute procedure for so-called DNS spam
> strikes me as a pet vendetta more ridiculous than the practice it was
> meant to stop. I'm sorry if I'm stepping on someone's toes here, but
> I actually find the attitude pretty disturbing and dangerous. And
> this opinion is coming from someone who agrees long domain names that
> spell things are stupid and who doesn't do it.
I think that it is a good move to passively select what users are
associated with OCCAID. We have either a class of script kiddies
or class of people who actually want to do something productive, like
you, myself and many downstreams of ours.
There are two issues in here:
Currently, OCCAID's connection policy gives thorough control to the
JTC administrators with respect to who can connect to our network.
This process is done through the review of the ACD document.
However, the goal of the EINTAP is to offload some of the administrative
burden on the JTC members, and also to give more freedom for routing
policy and network experimentation by allowing downstreams with enough
infrastructure capacity, to operate their own experimental internets.
Because of giving this freedom, OCCAID will have little to no control
over who gets connected to the network, as individual connection
policies will be managed by each EINTAP. Sure, we can set a policy
or framework that every EINTAP can use to classify their new users, but
then we need to police each EINTAP to ensure compliance to the policies.
That is something we are not interested in.
Most larger experimental and educational networks like the Internet2
project are able to avoid this by doing two things:
1. Only accept people with AS number and people with infrastructure.
If OCCAID was to do this, we will need to disconnect 90% of all our
downstreams, right now.
2. Require membership fee. If OCCAID was to do this, a non-wellknown
project doing it is quite premature and we believe it will not
encourage bringing in new users.
OCCAID has two options at best from my point of view:
1. Charge for membership -- natural barrier against most childish
and non-productive experimental internet use.
-- or --
2. Leave the way things are now, but provide basic framework to
prevent childish and related abuse activities while giving
as much freedom to the community. Because of free membership,
people are allowed to congregate, and network abuse is
inevitable and it already happened.
Let's take a look at existing IPv6 tunnel brokers today who provide
free tunnels like OCCAID does. Many of them have faced network abuse
one way or another. The only other tunnelbroker who comes close to
OCCAID that is major is Hurricane Electric, who provides BGP4+
session as well for those interested. And IRC is completely
filtered.
We can either deny dns-spam childish activity on our address space,
or block protocols and network traffic that are associated with
such activity.
Personally, I'd like to go for the former. I am against filtering
traffic on the backbone as to me it is a censorship.
Of course, people who have their own address space, like our
downstream ISP customers, can feel free to do whatever they want
with *their* address space. They can dns-spam all they want and
we do not care unless there is extensive network abuse.
I am also open to other people's opinions. We'd like to count in
various opinions as well, instead of doing something just because
*we* think is right thing to do.
Couple other people also expressed concern that OCCAID is a censorship based
network who dislike protocols like IRC and news service. To answer their
concerns, OCCAID provides IPv6 transit to two major EFnet IRC servers at
free of charge, and peers exclusively with a few networks to improve news
traffic transported over IPv6. We DO support and have no problem with people
using IPv6 the way they want. However we DON'T want people using OUR address space
to act like 7 year olds.
Thanks,
-J
--
James Jun TowardEX Technologies, Inc.
Technical Lead Boston IPv4/IPv6 Web Hosting, Colocation and
james at towardex.com Network design/consulting & configuration services
cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net