nanog mailing list archives
Re: using IRR tools for BGP route filtering
From: Jessica Yu <jyy_99 () yahoo com>
Date: Thu, 22 Jun 2000 11:33:19 -0700 (PDT)
If every ISP does prefix based filtering on its downstream customers, the integrity of the Internet routing system will be improved a lot. The document below proposes such a model: http://www.iops.org/Documents/routing.html --Jessica --- Danny McPherson <danny () tcb net> wrote:
i emphatically DO NOT think that large providersshould filter otherpeers. i think the large providers should filtertheir own announcements,by carefully verifying what a downstream wishes toannounce beforeaccepting it, filtering the customerannouncements, and aggregating theirannouncements to peers.I believe Randy's point is that it'd be really nice to filter prefixes learned from peers, but even if the routing databases were up to date, reliable and useful, the routers can't perform the policy matches against filters fast enough. And I agree completely. The fact that pretty much any network with an AS number could take any Internet subnet completely offline in a matter of -- what, ~8 minutes(?), intentionally or unintentionally, well, I think it's pretty amazing. The only way a service provider can protect their customers from this is by applying prefix-based filtering to all their peers. Of course, this requires valid, accessible, up to date IP registration information. It also routers that can store hundreds of thousands of lines of policies. Then, the routers have to be able to perform matches on the policies when processing updates. All this is at the "control plane". Then, ideally, the routers would be able to utilize the same set of policies to perform packet filtering functions in the "data plane", which is even more interesting. These two components alone would make the overall Internet infrastructure far more reliable and secure than it is today, no doubt.i think its silly to try and regulate the worldfrom ones own corner.regulate your corner, and encourage others to dothe same. i don't care ifsaid encouragement is by tacit agreememnt, orbound up in legealese inpeering agreements.I don't think it's silly at all to regulate the policies one employs in in their network in order to increase overall destination availability to ones customers. Policies of this nature only require support of the network that implements them. Other than requiring peers to keep registry information up to date, they impact the peer networks no way whatsoever. -danny
__________________________________________________ Do You Yahoo!? Send instant messages with Yahoo! Messenger. http://im.yahoo.com/
Current thread:
- Re: using IRR tools for BGP route filtering, (continued)
- Re: using IRR tools for BGP route filtering jhsu (Jun 21)
- Re: using IRR tools for BGP route filtering Randy Bush (Jun 21)
- Re: using IRR tools for BGP route filtering bmanning (Jun 21)
- Re: using IRR tools for BGP route filtering jhsu (Jun 21)
- Re: using IRR tools for BGP route filtering Austin Schutz (Jun 21)
- Re: using IRR tools for BGP route filtering cengiz (Jun 21)
- Re: using IRR tools for BGP route filtering Austin Schutz (Jun 21)
- Re: using IRR tools for BGP route filtering gerald (Jun 22)
- Re: using IRR tools for BGP route filtering John Fraizer (Jun 22)
- Re: using IRR tools for BGP route filtering Jeff Haas (Jun 23)
- Re: using IRR tools for BGP route filtering Mark Borchers (Jun 23)
- Re: using IRR tools for BGP route filtering Jeff Haas (Jun 23)
- Re: using IRR tools for BGP route filtering Mark Prior (Jun 25)
- Re: using IRR tools for BGP route filtering Dana Hudes (Jun 25)
- Re: using IRR tools for BGP route filtering Joe Provo - Network Architect (Jun 25)