nanog mailing list archives

Re: Policy Statement on Address Space Allocations


From: "Forrest W. Christian" <forrestc () imach com>
Date: Fri, 26 Jan 1996 21:45:14 -0700 (MST)



On Fri, 26 Jan 1996, Vadim Antonov wrote:

Then, some of you will ask how to enforce this.  Once every so often, you 
dump the BGP routing tables from strategic routers.  If you see any 
non-matching prefixes, you send an email to the network coordinator for 
the allocated block giving them a set amount of time to clean it up.  Any 
routes which are not cleaned up by the deadline are added to a filter 
list which could be carried on routers.  

Sorry, *who* gets to play the net politzai?  Registries have no control
over service providers, and service providers have insufficient
human resources to do that (and most won't do that anyway).

Note that updating exterior policy filters by a large ISP involves
carefully planned and timed update on some dozen-odd routers, so it is
not done often, and certainly won't be done just to punish some clueless
luser.

Is there some other method which would be as effective to destroy a 
specific net's connectivity to the majority of the net?  A few come to 
mind right now:

        1)      ip route <luser's address & mask> null0 

                - has the disadvantage of adding an entry to the 
                  routing table, and might cause other problems
                  if static routes are redistributed into BGP in
                  some fashion. 

        2)      ip filtering:

                - Probably uses more CPU than #1, but doesn't screw
                  with the routing tables.

        3)      Something else?

Remember, the goal here is to get the registry to limit the number 
of blocks allocated.  Then, provide a method to require those 
blocks to remain in one piece.  I doubt that many people are going to not 
react to a note such as the following:  (maybe a little less technical)

        According to our records, you were allocated a block of
        64 addresses, otherwise known as an /18 block.  When 
        this was allocated, you were informed that you MUST
        announce this block to the internet in a single route.

        In the automatic scan of the routing table which took
        place on 01/01/1996, routes to the networks listed 
        below were discovered in at least one backbone router:

        208.128.128.0/18
        208.128.132.0/24

        If the entries for any block(s) smaller than the original
        /18 allocation do not disappear by 2/1/1996, the smaller
        block(s) will cease to function on the net for a period of
        30 days or longer.  This will be accomplished through one
        of several means, including filtering the addresses on the
        backbone routers, etc.

        Thank you.

        
I doubt you're going to need to add many filters :)

As far as who will run the programs to check for this, I'm sure that a 
suitable home for the tools necessary could be found.

-forrest
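
Added example (not part of the original message, and not code from any tool the thread mentions): the routing-table scan described above, in Python. It flags announced prefixes that are more specific than an allocated block and lists those still announced at the deadline. The one-prefix-per-line dump format, the function names, and all sample data other than the two prefixes from the sample notice are assumptions constructed for illustration.

```python
import ipaddress

ALLOCATIONS = ["208.128.128.0/18"]  # block from the sample notice above
# Constructed dumps, one prefix per line (assumed format).
DUMP_AT_NOTICE = """Network
208.128.128.0/18
208.128.132.0/24
208.128.140.0/24
192.0.2.0/24
"""
DUMP_AT_DEADLINE = """Network
208.128.128.0/18
208.128.132.0/24
192.0.2.0/24
"""

def parse_dump(text):
    """Return the set of valid prefixes in a dump, skipping headers and junk."""
    routes = set()
    for line in text.splitlines():
        try:
            routes.add(ipaddress.ip_network(line.strip(), strict=True))
        except ValueError:
            continue  # blank line, header, or prefix with host bits set
    return routes

def scan(allocations, routes):
    """Map each allocated block to announced routes strictly inside it."""
    blocks = [ipaddress.ip_network(a) for a in allocations]
    report = {}
    for route in routes:
        for block in blocks:
            if (route.version == block.version and route != block
                    and route.subnet_of(block)):
                report.setdefault(block, set()).add(route)
    return report

def filter_list(notice_scan, deadline_scan):
    """Prefixes named in the notice that are still announced at the deadline."""
    still = set()
    for block, routes in notice_scan.items():
        still |= routes & deadline_scan.get(block, set())
    return sorted(str(r) for r in still)

if __name__ == "__main__":
    notice = scan(ALLOCATIONS, parse_dump(DUMP_AT_NOTICE))
    deadline = scan(ALLOCATIONS, parse_dump(DUMP_AT_DEADLINE))
    for block, routes in notice.items():
        print(block, "deaggregated into", sorted(map(str, routes)))
    print("filter:", filter_list(notice, deadline))
```

Only prefixes that were named in the notice and are still present at the deadline reach the filter list, so a more-specific route that first appears after the notice gets its own notice period.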

