I fully agree with that. Most of all, the problem of filters is not located at ISP borders, but mostly at customers borders (e.g. small hosting companies) who do not update their filters, and who often have no idea what they are useful for. Andre is right, the best solution is definitely not to filter bogons. We have recently been allocated a /13 in 83/8, and now we have to deal with many many many customers complaining not to be able to reach many sites (expsecially in US). I'm very angry about RIPE and IANA allocating those blocks too quickly, without any vision of consequences for LIRs, and without any communications going down from Tier1 to the smallest company. --On mardi 24 février 2004 17:36 +0100 Andre Oppermann <oppermann@pipeline.ch> wrote:
Michael.Dillon@radianz.com wrote:
The RIPE NCC has prepared a draft document titled "De-Bogonising New Address Blocks":
That is a misleading title.
The problem is that ISPs cannot react quickly enough to open filters when new ranges are allocated. The proposed solution is to provide advance notification. I suppose this could allow ISPs to open filters before the new addresses are actually in use officially.
ISPs should not filter the IANA reserved IP ranges but only the Martians stuff that is defined to be unrouteable. Everything else is causing more problems than it solves. Otherwise we wouldn't have this discussion over and over again each time a RIR opens a fresh /8.
However, it will also allow spammers to announce this space and get it through bogon filters.
There is no way you can block spammers by filtering the IANA reserved ranges. There are many other ways spammers can set up bogon netblocks. For example there are many netblocks which are assigned/allocated by the RIRs but never announced in the global routing system. Just walk the prefix table of current /8s used by the RIRs and use the holes to send your spam.
Again, the cure of filtering is worse than the desease of not filtering.
The real solution to this problem is to make it possible for ISPs to closely track RIR allocations in their filters in a semi-automated way. There may still be a few days of delay before a new allocation is fully routable but ISPs can compensate for that with internal processes.
There is no way every ISP is going to follow that and adjust his filters within "a few days".
Why can't ISPs subscribe to a feed of all new RIPE allocations in near real-time?
Just don't filter IANA reserved space. It's that easy.
-- Andre
-- Jerome Fleury Tiscali France Network Engineer Tel: +33 1 45082314