
nanog mailing list archives

Re: The Gorgon's Knot. Was: Re: Verio Peering Question
From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Sat, 29 Sep 2001 01:32:00 +0000 (GMT)


Date: Fri, 28 Sep 2001 17:30:15 -0700 (PDT)
From: Sean M. Doran <smd () clock org>

[ snip ]

| + The whole Internet with as much reliability as possible?

if #3 then what's the problem with:

      ip as-path access-list 1 permit _badguy_
      
      route-map fix-badguy permit 10
       descr proxy-aggregate the networks who are "holey"
       match as-path 1
      
      router bgp my-as
       aggregate-address bad.guy.blo.ck1 255.255.224.0 as-set suppress-map fix-badguy
       aggregate-address bad.guy.blo.ck2 255.255.224.0 as-set suppress-map fix-badguy
       ...

And one aggregates a lone /24 with what?  Again, my point (and I
believe Patrick's) is that there are valid reasons for an entity
without a PI /20 to multihome.  Filter the /24s, and we have a
problem.

Of course, I guess that AT&T, PSI, BBN, etc. can save their
multihomed downstreams from certain filtration by... allocating
more IP space in 60/8 through 66/8, or from "class C" space.  How
efficient.

So, rather than make a subtle change that some backwards ISPs never
even noticed, a more forceful change (filtering) was made, and everyone
noticed that, but more because of the continuing bad PR about how evil
and rapacious it was to filter in the first place.

*sigh*

Maybe I need to use more emoticons.  The part where I said that
filtering is a good thing -- _to a certain extent_ -- was
serious...

| Maybe I'll filter anything longer than a /8...

Please do, and tell us what you CAN'T reach after you throw
away all the longer prefixes, and if you care after you 
install a default or proxy-aggregate, or whatnot to try to
retain connectivity to those "extraneous info" destinations.

...and I _certainly_ hope that nobody believed me on this one.
Filtering longer than /8 is clearly stupid.  Filtering /32 is
clearly a good thing.  Now, where do we draw the line?

Do we filter multihomed /24s?  I vote that's unacceptable.  As
Patrick pointed out... if _all_ major carriers filtered _all_
/24 adverts, one would essentially be single-homed to one's IP
space provider.

Back to "route to the whole Internet with as much reliability as
possible".  I contend that someone purchasing bandwidth wants to
maximize reliability to _all_ of the Internet.  Someone selling
bandwidth should deliver.

I offer the overused example of AS11643... they're just basement
multihomers with /24, /23, and /22 prefixes.  Clearly those
adverts deserve to be filtered. *waves big sign stating "sarcasm
here"*

If EXDS routing were fscked, how does one reach 216.32.120/24?
Assume for the sake of this discussion that one cannot hear /24s
via 701, 1239, or 6461.  [How much is eBay paying XO to carry its
longer prefixes?]

So:  Where do we draw the line on filtering?


Eddy

---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist () brics com>, or you are likely to be blocked.
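
The reachability argument in the message above, worked as an added example that is not part of the original post: a small longest-prefix-match model showing what an inbound prefix-length filter does to a multihomed /24. The prefixes, AS numbers and function names are constructed for illustration (private address space and documentation ASNs), and the model assumes the space provider's covering aggregate disappears when that provider is down.

```python
import ipaddress

# Constructed sample adverts: (prefix, AS path as seen by the filtering network).
# AS64500 = provider holding the covering block, AS64501 = second upstream,
# AS64510 = multihomed customer announcing a /24 out of AS64500's space.
ADVERTS = [
    ("10.20.0.0/16", [64500]),            # provider aggregate
    ("10.20.30.0/24", [64500, 64510]),    # customer /24 via its space provider
    ("10.20.30.0/24", [64501, 64510]),    # same /24 via the second upstream
]

def build_rib(adverts, max_len):
    """Apply an inbound prefix-length filter: drop anything longer than max_len."""
    rib = []
    for prefix, path in adverts:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen <= max_len:
            rib.append((net, path))
    return rib

def usable_paths(rib, dest, down_as=frozenset()):
    """Longest-prefix match for dest, ignoring paths through ASes that are down.

    Returns (matched_prefix, [as_paths]) or (None, []) if dest is unreachable.
    """
    addr = ipaddress.ip_address(dest)
    live = [(n, p) for n, p in rib if addr in n and not down_as.intersection(p)]
    if not live:
        return None, []
    best_len = max(n.prefixlen for n, _ in live)
    best = [(n, p) for n, p in live if n.prefixlen == best_len]
    return str(best[0][0]), [p for _, p in best]

def first_hops(rib, dest, down_as=frozenset()):
    """Distinct neighbor ASes that can still deliver traffic toward dest."""
    _, paths = usable_paths(rib, dest, down_as)
    return sorted({p[0] for p in paths})

if __name__ == "__main__":
    for max_len in (24, 20):
        rib = build_rib(ADVERTS, max_len)
        print(f"accept <= /{max_len}:",
              "normal", first_hops(rib, "10.20.30.1"),
              "| AS64500 down", first_hops(rib, "10.20.30.1", {64500}))
```

With the /24 accepted, the destination stays reachable through AS64501 when AS64500 fails; with everything longer than /20 filtered, the only route left is the provider's aggregate, so the customer is effectively single-homed from the filtering network's point of view.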

