Home page logo

nanog logo nanog mailing list archives

Re: do not filter your customers
From: Randy Bush <randy () psg com>
Date: Sat, 25 Feb 2012 15:22:35 +0530

as would be solving world hunger, war, bad cooking, especially bad

route leaks, as much as i understand them
 o are indeed bad ops issues
 o are not security per se
 o are a violation of business relationshiops
 o and 20 years of fighting them have not given us any significant
   increase in understanding, formal definition, or prevention.

let me try to express how i see the problem.  to do this rigorously, i
would need to form the transitive closure of the business policies of
every inter-provider link on the internet.

why i say it is per-link and not just inter-as (which would be hard
enough) is that i know a *lot* of examples where two ass have different
business policies on different links.  [ i'll exchange se asian routes
with you in hong kong, but only sell you transit in tokyo.  we have two
links in frankfurt, one local peering and one international transit. ]

it is not just one-hop because telstra was 'supposed to' pass some
customers' customers' routes to optus.

i find this daunting.  but i would *really* like to be able to
rigorously solve it.  please please please explain to me how it is
simpler than this.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]