Home page logo
/

nanog logo nanog mailing list archives

Re: using IRR tools for BGP route filtering
From: John Fraizer <nanog () EnterZone Net>
Date: Thu, 22 Jun 2000 16:05:54 -0400 (EDT)



I agree totally with prefix-list filtering customers and we have done so
from the very beginning.  (Who wants to blemish the reputation of their
ASN as result of a customer being a bonehead and announcing default, etc?)
Provider<->Provider prefix-list filtering becomes much more involved
however.  When a provider has 400+ bilateral peering relationships, the
time it takes to bring a new customer online who has their own address
space grows substantially.  It is no different when a provider obtains
additional address space.  If their peers are prefix-list filtering, they
have to contact every peer to have them blast a hole in the filters for
the new address block.

In a perfect world, we would not need to filter, period.  Filtering
customers has become necessary to survival.  I see Provider<->Provider
filtering as a major hurdle to jump anytime your (or anyone elses) network
expands in relation to prefixes being legitimately announced.


---
John Fraizer
EnterZone, Inc


On Thu, 22 Jun 2000, Danny McPherson wrote:



I agree with this, and have seen the document, and have worked for 
large providers that performed prefix filtering on customers long
before IOPS existed.  

However, if every ISP performed prefix-based filtering between one 
another, it'd be improved "a lot more".  I recall more than a few 
instances when providers inadvertently broke other providers customers 
by "mis-advertising" prefixes.  

And if every ISP performed SA verification between one another 
(presumably with the same filters) it would again be improved "a 
lot" more.

-danny

If every ISP does prefix based filtering on its
downstream customers, the integrity of the Internet
routing system will be improved a lot. The document
below proposes such a model:

http://www.iops.org/Documents/routing.html






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault