nanog mailing list archives

Re: Public shaming list for ISPs announcing other ISPs IP space by mistake


From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Thu, 14 Aug 2008 22:55:21 -0400

On Thu, 14 Aug 2008 22:42:04 -0400
Jean-François Mezei <jfmezei () vaxination ca> wrote:

> Pardon my ignorance here, but wouldn't it be much simpler if the
> so-called "tier 1" networks were to do the filtering work so that none
> of the downstream BGP peers would see the bad announcements?
>
> If some network in Italy sends out some bogus route for a site, this
> should be blocked by a few tier 1 networks instead of by everybody at
> the bottom of the tree. Yeah, that would mean that folks in Italy and
> whoever would have direct connections to that Italian network would
> accept those bad BGP announcements, but the rest of the world would
> continue to work.
>
> "tier 1" networks like to brag about their importance within the
> internet, perhaps filtering bad announcements should be a
> responsibility assigned to them, and which would further
> differentiate them from lesser networks.

Many of them -- most of them? -- do filter, to the extent that they
can.  However, they're in a poor position to do a complete job.

If your peer is an end site, it's easy to filter what they send you;
you know (or should know) what address blocks they have.  (Verifying
that they actually have the right to announce such blocks is a separate
and difficult question, but I won't get into that here.)  But what if
your peer is another Tier 1, or even a lower-level ISP?  How can you
filter then?  Another ISP can, will, and should announce routes to all
of its customers, and it's quite hard (impossible, really) for the Tier
1s to track their peers' customers.  Worse yet, some of these customers
may themselves be ISPs, with their own customers.  And if the peer of a
Tier 1 is another Tier 1, it's not even possible to imagine how they'd
know.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb
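
The asymmetry described in the message above, as an added example that is not part of the original post: an ingress filter can check an end site's announcements against the blocks the provider knows it holds, but has nothing to check a peer ISP's announcements against. The ASNs (private-use), prefixes (documentation ranges), table names and function names are all constructed for illustration.

```python
import ipaddress

# Constructed data: the provider's own records of what each end-site
# customer holds. Private-use ASNs and RFC 5737 documentation prefixes.
CUSTOMER_BLOCKS = {
    64512: ["192.0.2.0/24", "198.51.100.0/24"],
}

# Constructed data: neighbors that are themselves ISPs. They legitimately
# announce routes for their own customers (and those customers' customers),
# so the provider holds no authoritative prefix list for them.
PEER_ISPS = {64600}


def classify(neighbor_asn, prefix):
    """Return 'accept', 'reject' or 'unverifiable' for one announcement."""
    net = ipaddress.ip_network(prefix)
    if neighbor_asn in CUSTOMER_BLOCKS:
        for block in CUSTOMER_BLOCKS[neighbor_asn]:
            allowed = ipaddress.ip_network(block)
            # subnet_of() raises TypeError across IP versions, so compare first.
            if net.version == allowed.version and net.subnet_of(allowed):
                return "accept"
        return "reject"  # end site announcing space it is not known to hold
    if neighbor_asn in PEER_ISPS:
        # No list to compare against: a mistaken announcement and a real
        # customer route look the same from here.
        return "unverifiable"
    return "reject"  # unknown neighbor


def classify_all(announcements):
    """Classify a list of (neighbor_asn, prefix) pairs, preserving order."""
    return [(asn, pfx, classify(asn, pfx)) for asn, pfx in announcements]


if __name__ == "__main__":
    sample = [  # constructed announcements
        (64512, "192.0.2.0/24"),     # customer, inside its known block
        (64512, "203.0.113.0/24"),   # customer, someone else's space
        (64600, "203.0.113.0/24"),   # same prefix, but learned from a peer ISP
    ]
    for asn, pfx, verdict in classify_all(sample):
        print(f"AS{asn} {pfx}: {verdict}")
```
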

