Home page logo

nanog logo nanog mailing list archives

Re: Alpha test of MAE filtering capability
From: Paul A Vixie <paul () vix com>
Date: Thu, 30 Jan 1997 19:16:32 -0800

The solution that Mr. Feldman allows us to at least eliminate possible
abuse from non peers.  If a peer chooses to commit such abuse, one can
just terminate the peering session, ..., and add that entities IP address
to the above mentioned filter list on the exhange point switch.

We, who were recently a victim of such abuse, will definately use this
feature as soon as it is made available.

I think that this is the wrong approach.  Better to monitor it, prove
that it happened, and remove offenders from the IXP's altogether.  The
IXP contracts should include just such a provision.

In CIX's case, we want to be able to send third-party BGP among members
so that those members will get eachother as next-hop and therefore get
better throughput (and put less load on the CIX routers.)

I've fought with this on PB-SMDS and now I'm seeing it on DEC PAIX.  We
should remove from the Internet community anyone who commits theft of
service by pointing default at someone else -- but we should not make
valid third party BGP topologies difficult or impossible.

Your fellow IXP members are deserving of your trust, until they show that
they aren't, and the paternalistic "let's remove the temptation" approach
is just offensive.
- - - - - - - - - - - - - - - - -

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]