nanog mailing list archives
route filtering in large networks
From: Andy Dills <andy () xecu net>
Date: Wed, 12 Mar 2003 22:22:53 -0500 (EST)
On Wed, 12 Mar 2003, Randy Bush wrote:
we now return you to small operators trying to convince other small operators how they should run the route filters in their shops. imiho, if it is not automated by protocol, banana eaters will screw it up for sure. so, again imiho, this topic is about as likely to make progress as serious gender equity in my lifetime <sigh>.
Randy, you've run a huge network. I have not had that opportunity, and I don't have "banana eaters" working for me (and I'm not sure what that phrase means exactly, but I'll assume it isn't racial).

I must not understand something. How would the banana eaters screw up applying the same prefix-list outbound to all neighbors? Seems like an easy protocol to follow.

I could understand the problems with applying inbound filters (unique huge filter for each neighbor), but if you're willing to localize bogon routes to the border router, without redistributing them, you get the job done.

So filter announcements to every neighbor. That way, only the places with lots of administration (places that will know to update filters) will need to worry about updating filters. Then, bogon traffic only flows as far as the default route takes it, without the ACL hit.

I'm not telling people that this is the cure, that this is how they should run their network. I'm asking for the big operators to tell me what's wrong with this idea. In theory, it should work, but I don't have the pragmatism that comes with running a nationwide network staffed by banana eaters.

If nothing else, it seems like a worthy stopgap until the next iteration of BGP comes along to really address the trust issues.

Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access