jeroen@unfix.org (Jeroen Massar) wrote:
Elmar K. Bins wrote:
How can you calling yourself a 'fat-fingered jerk' upset me? :)
;-)
These filters do not exist to blind out small PI assignments, they are in place to remove accidental leakage of IGP prefixes caused by some fat-fingered jerk like myself...
So you filter on a /24 because of IGP, thus you will leak out a /23?
Wrong train of thought. I am of course not leaking anything from my network (first, I train my fingers every day, so they don't get fat, second, I do not redistribute IGP prefixes). The /24 filters we are talking about here are filtering other people's longer-than-/24s out. The /24 filter is just a partly brain-damaged, partly ingeniously simple way of removing a lot of fat-fingering from my routing table (I am not one of the big transit ISPs, so I'm very happy with that).
Adding 8 or so prefixes doesn't really get noticed by many people, but adding 10k does.
There are companies that run a /20 or bigger nicely sliced into small networks (hundreds or thousands), and sometimes their IGP prefixes leak.
Filtering based on routing-DB information is thus much better than doing it based on some arbitrary limit.
The effort of rebuilding an appropriate ACL every day, the length of the ACL and the router processing degradation or - even worse - running into hard limits, alongside the "update how often?" question prohibit that largely. Of course, having an up-to-date ACL in sync with the routing databases would be the ideal solution, or would it? How many people don't register? How many DBs are there to track? Well...
But you have distracted me from the matter at hand, so I repeat again that the /24 filters are not in place to filter out small PI blocks. It's not nice, it's not perfect, but it's there.
So any authority that gives out networks (hello RIPE!) should consider everything longer than a /24 as "non routable", and not give out such blocks as v4 PI.
Cheers,
Elmi.
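The trade-off argued in this thread, as an added example that is not part of the original messages: a fixed /24 length filter and a routing-database filter are run over the same received announcements. The prefixes, AS numbers and the set of registered route objects are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

MAX_LEN = 24  # the "/24 filter" discussed in the thread

def length_filter(announcements, max_len=MAX_LEN):
    """Keep (prefix, origin_as) pairs whose prefix is no longer than max_len."""
    return [a for a in announcements
            if ipaddress.ip_network(a[0]).prefixlen <= max_len]

def registry_filter(announcements, registered):
    """Keep only pairs with an exactly matching route object (prefix + origin)."""
    return [a for a in announcements if a in registered]

def build_sample():
    """Constructed data: two /20 holders leaking IGP slices, one unregistered net."""
    anns = []
    for agg, asn, leak_len in (("198.18.0.0/20", 64500, 26),
                               ("198.18.16.0/20", 64501, 24)):
        net = ipaddress.ip_network(agg)
        anns.append((agg, asn))  # the intended aggregate
        # the leaked IGP slices of that aggregate
        anns += [(str(s), asn) for s in net.subnets(new_prefix=leak_len)]
    anns.append(("198.19.0.0/22", 64502))  # legitimate, but never registered
    registered = {("198.18.0.0/20", 64500), ("198.18.16.0/20", 64501)}
    return anns, registered

def compare():
    """Run both filters over the sample and summarise what each lets through."""
    anns, registered = build_sample()
    by_len = length_filter(anns)
    by_db = registry_filter(anns, registered)
    return {
        "received": len(anns),
        "kept_by_length": len(by_len),
        "leaked_24s_kept_by_length": sum(
            1 for p, _ in by_len if p.endswith("/24")),
        "kept_by_registry": len(by_db),
        "legit_dropped_by_registry": ("198.19.0.0/22", 64502) not in by_db,
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The length filter removes the 64 leaked /26s cheaply but still accepts the 16 leaked /24s; the registry filter rejects every leak but also the unregistered /22.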