nanog mailing list archives

Re: Blech!


From: Deepak Jain <deepak () ai net>
Date: Sat, 12 Feb 2000 14:11:08 -0500 (EST)



Alex -

        Have any of your peers complained? I can't imagine anyone caring
(strenuously) if a peer applies filters to bogus addresses. Every peer I
have dealt with for a matter like that, while it may take time to get to
the right people, have made no complaints about us doing the filtering or
even adding the filtering (on a temporary basis) to their own border/core
routers.

Deepak Jain
AiNET


On Sat, 12 Feb 2000, Alex Bligh wrote:


Paul,

Is it within the realm of possibility that ISP's will
start to craft SLA's, peering & transit agreements, to
include who is responsible for ingress filtering?

It is in the realm of fact. Our (*) agreements with our customers
specifically prevent them from sending packets with source
IP addresses outside agreed ranges, and have done for
close on 2 years. Our peering agreements (and this is in
the LINX template agreement too, which shares the same
author) have provisions which make the peer responsible
for ensuring they aren't sending spoofed source addresses.

I know several other people do this too. We have not yet
tested enforceability, though we have used the existence
of the clause to justify unilateral application of filters
in one or two occurrences.

(*) 'Our' in this context means GX Networks a.k.a.
     Concentric Europe. I am unfamiliar with the US
     situation.

-- 
Alex Bligh
VP Core Network, Concentric Network Corporation
(formerly GX Networks, Xara Networks)








Current thread: