Home page logo

nanog logo nanog mailing list archives

Re: The Gorgon's Knot. Was: Re: Verio Peering Question
From: Sean Donelan <sean () donelan com>
Date: Fri, 28 Sep 2001 19:02:19 -0400 (EDT)

On Fri, 28 Sep 2001, Sean M. Doran wrote:
| I also encouraged all other backbones to filter Verio as Verio filters them.

FWIW, I (continue to) encourage this too.   Filter more than Verio,
while you're at it.

I used to filter on both inbound and outbound.  I don't believe
filtering is inherently evil.  I believe just the opposite, it
is frequently necessary.  Especially in a world where you can't
verify route announcements and people occasionally announcing
every disaggreated network in the table.

Sprint had valid reasons for filtering.  They had several old AGS
routers, and didn't want to/couldn't upgrade them at the time to
one of the routers used by other backbone providers i.e. 7000/SSP.
To keep Sprint's network working, they filtered routes.  This is
an acceptable example of duct tape we've all needed to apply to
our networks at one time or another to keep everything tied together.

What annoyed me isn't the technical decision, but the marketing
blitz used to justify it as "saving the Internet."

No sales guy wants to say "because our routers can't handle the full
routing table."  Instead you get the revolving wheel of excuses like
  1) Because we are saving the Internet (false)
  2) Because ARIN/RIPE/APNIC makes us (false)
  3) Because our peering agreements require it (false)
Notice how it is always some third-party "forcing" them to do it.

If you want to save the Internet, filter both inbound and outbound.
Otherwise, don't pretend that's why you are doing it.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]