nanog mailing list archives

Re: route filtering in large networks


From: Dorian Kim <dorian () blackrose org>
Date: Thu, 13 Mar 2003 14:38:51 -0500


On Thu, Mar 13, 2003 at 12:21:10AM -0500, Andy Dills wrote:
> But then, if configuration of routers is automated, it would seem even
> easier to implement the route filtering. Verio has a history of being a
> prefix length nazi, but were they that way about route validity? Plenty of
> networks are stringent on what they accept from their customers, but are
> they as stringent with the routes they send?

Route filtering and route validation are not necessarily the same things.
AFAIK, there are no scalable mechanisms for route validation deployed
today.

As far as route filtering is concerned, Verio currently does prefix filter
many of its public peers based on IRR registrations. 

However, our experience to date indicates that filtering peer networks via
IRR information is not a scalable solution. Some of the non-exhaustive reasons 
for this are:

o platform performance limitations with large prefix lists (some do a better
  job, but they all fall short of acceptable, let alone ideal)
o GIGO, aka IRR data sanity
o lack of route registrations for large peer networks

Due to this, our direction is to move away from IRR-based peer route filtering.

-dorian
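
A minimal sketch of the IRR-based peer prefix filtering discussed in the message above, added here as an illustration; it is not part of the original post and not any operator's actual tooling. The RPSL objects, AS numbers, function names, and the stale/unregistered scenario are all constructed assumptions; the point is that a filter generated from registry data inherits both the registry's errors and its gaps.

```python
import ipaddress

# Constructed RPSL route objects (documentation prefixes, private-use ASNs).
# Assumed scenario: the 198.51.100.0/24 object is stale (space no longer held
# by AS64500), and AS64500 never registered its 2001:db8:1::/48.
IRR_DUMP = """\
route:   192.0.2.0/24
origin:  AS64500
source:  EXAMPLE

route:   198.51.100.0/24
origin:  AS64500
source:  EXAMPLE

route:   203.0.113.0/24
origin:  AS64501
source:  EXAMPLE
"""

def parse_route_objects(text):
    """Yield (network, origin) for each route object in an RPSL dump."""
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip().lower()] = value.strip()
        if "route" in attrs and "origin" in attrs:
            yield ipaddress.ip_network(attrs["route"]), attrs["origin"].upper()

def build_prefix_filter(text, peer_asns):
    """Exact-match prefix list: registered routes originated by the peer's ASNs."""
    return {net for net, origin in parse_route_objects(text) if origin in peer_asns}

def apply_filter(prefix_filter, announcements):
    """Split announced prefixes into (accepted, rejected) against the filter."""
    accepted, rejected = [], []
    for prefix in announcements:
        net = ipaddress.ip_network(prefix)
        (accepted if net in prefix_filter else rejected).append(prefix)
    return accepted, rejected

if __name__ == "__main__":
    flt = build_prefix_filter(IRR_DUMP, {"AS64500"})
    announced = ["192.0.2.0/24", "198.51.100.0/24", "2001:db8:1::/48"]
    accepted, rejected = apply_filter(flt, announced)
    print("accepted:", accepted)  # includes the stale object's prefix (GIGO)
    print("rejected:", rejected)  # the unregistered prefix is dropped
```

The filter only checks that a registration exists, which is why it passes the stale prefix and drops the unregistered one: it filters routes without validating them.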

