Home page logo

nanog logo nanog mailing list archives

Re: NSPs and filters
From: Jon Lewis <jlewis () inorganic5 fdt net>
Date: Sun, 13 Jul 1997 01:50:26 -0400 (EDT)

On Sat, 12 Jul 1997, Randy Bush wrote:

routers.  I'm just saying the net would be a MUCH nicer place if NSP's all
did ingress filtering on their customer connections.  If current routers
can't handle the load this would create, then NSP's need to find vendors
willing to deliver the necessary power, or they need to rethink the way
they design their networks.  

Most of my customers have customers who in turn have customers, not a few of
whom are multi-homed.  Same for UUNET, ...

So, at POP X, I take in maybe 100 prefixes, with maybe 1000 at some POPs.
How do I build and maintain that filter list, and how long does it take each
packet to get through it with a router that also does real routing?

I've got this big pile of money and hardware.  How do I turn it into an
international internet backbone?

A certain minimal level of network security should be a part of any
responsible network.  Perhaps its not practical to run with filters on
every router...especially core and big exchange routers.  But you can
strongly encourage (perhaps require) that all your customers enforce sane
filters where applicable.  Somewhere in the internet food chain, it is
very much practical to install filters, and someone needs to make sure
they are in place.
 Jon Lewis <jlewis () fdt net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |  
________Finger jlewis () inorganic5 fdt net for PGP public key_______

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]