nanog mailing list archives

Re: dsl providers that will route /24


From: Steve Noble <snoble () sonn com>
Date: Thu, 29 Mar 2001 22:09:05 -0800


On Thu, Mar 29, 2001 at 09:31:31PM -0800, John Payne wrote:

> If a global transit free network can ingress filter all of their customers,
> without CPU or other logistic problems, I'd be surprised if the majority
> of ISPs on this list can't do otherwise.  OK, if you're UUNET and providing
> connectivity to a load of ISPs, you might not be able to filter those
> customers, but you can require that they filter their customers.

I'm not saying that some or most ISPs can't do it, I'm saying that not
_ALL_ can, so the global statements that there is no reason not to do not
apply.  Many people have older hardware that works just fine for customer
traffic but would not stand up to filters.

If I'm pressed to choose between a router/switch that does a better job
of providing connectivity to my customers and one that can do line speed
ACLs... You know which one I'll choose.  I'm not going to choose my hardware
just because it can filter.  Even Cisco is releasing hardware that can't
do what you are saying, go look at the Engine 4 card, the latest, greatest
from Cisco.  Should I stop my network deployment just to be able to filter?
Should I take the depreciation hit just so I can filter customers in the
future and dump these cards, losing my investment?  I can't see it, sorry.

Now that's a very broad statement that's just not true.  There are reasons
that packets with a source address not assigned to an ISP may come across
the link and be valid, look at DirectPC.

"Apart from the address block we've assigned you, will you be using 
addresses in netblocks of other providers?  For example, you might
have a connection to another ISP, or you might be using DirectPC"

That's fine, but do you do it with everyone?  For example I have a T1
and DSL in my house, my DSL provider could care less that I have another
connection, but if I feel like it, is there any reason I shouldn't send
traffic out the DSL link that is sourced from IPs only routed over my T1?

Past that if the customer has customers who have blocks assigned from other
providers, this becomes a huge and almost impossible to manage real-time
list.  Big filter lists hit router CPUs, and cost human time.  And remember
this isn't like filtering BGP customers where if the route doesn't get
through it's not always a big deal, you are _dropping_ packets that may
be valid.

> And the CPU cost is tiny.  Netflow switching reduces it even more.

That's wholly dependent on the hardware; fire up some filters on an Engine 4
card and tell me this :)

-- 
-------------------------------------------------------------------------------
: Steven Noble / Network Janitor / Be free my soul and leave this world alone :
:   My views = My views != The views of any of my past or present employers   :
-------------------------------------------------------------------------------
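As an added illustration (not part of the thread or anyone's router config), here is a toy Python model of the per-customer source-address ingress filter being argued about. The customer names and prefixes are constructed; it shows that a filter built only from ISP-assigned blocks drops a multihomed customer's legitimate packets (the T1-plus-DSL case), and that the "other providers" question from the quoted text is what feeds the extra allowed blocks.

```python
"""Toy model of a per-customer ingress (source-address) filter.

Added example, not from the NANOG thread. All names and prefixes below are
constructed sample data (RFC 5737 documentation ranges)."""
import ipaddress
from collections import Counter

# Source prefixes the ISP assigned to each customer port.
ASSIGNED = {
    "dsl-cust-a": ["192.0.2.0/24"],
    "dsl-cust-b": ["198.51.100.0/24"],
}
# Extra blocks a customer declared when asked whether it also uses addresses
# from other providers (cust-b also has a block routed over a separate T1).
DECLARED_EXTRA = {
    "dsl-cust-b": ["203.0.113.0/24"],
}


def build_filter(assigned, declared_extra):
    """Return {port: [allowed networks]} from assigned plus declared blocks."""
    allow = {}
    for port, prefixes in assigned.items():
        nets = [ipaddress.ip_network(p) for p in prefixes]
        nets += [ipaddress.ip_network(p) for p in declared_extra.get(port, [])]
        allow[port] = nets
    return allow


def ingress_check(allow, port, src):
    """Decide 'accept' or 'drop' for a packet with source src seen on port."""
    addr = ipaddress.ip_address(src)
    return "accept" if any(addr in n for n in allow.get(port, [])) else "drop"


def run(packets, allow):
    """Tally decisions over a list of (port, src) pairs."""
    return dict(Counter(ingress_check(allow, port, src) for port, src in packets))


# Constructed traffic sample: one spoofed source, one legitimate packet that
# cust-b sends out the DSL link from its other provider's block.
PACKETS = [
    ("dsl-cust-a", "192.0.2.10"),
    ("dsl-cust-a", "10.9.9.9"),
    ("dsl-cust-b", "198.51.100.7"),
    ("dsl-cust-b", "203.0.113.5"),
]

if __name__ == "__main__":
    print("assigned-only filter:", run(PACKETS, build_filter(ASSIGNED, {})))
    print("with declared blocks:", run(PACKETS, build_filter(ASSIGNED, DECLARED_EXTRA)))
```

The assigned-only filter drops the spoofed 10.9.9.9 packet but also the valid 203.0.113.5 one; only the declared-blocks filter keeps the spoof drop without breaking the multihomed customer.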