[c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link]

Fri Nov 10 06:25:05 UTC 2006

At 06:58 PM 11/9/2006, you wrote:
>automatic systems are fine if you decide you want to do them, i was 
>specifically responding to the author who suggested he would build 
>the filters himself, my point was that this seemingly good intention 
>is in fact causing real operational problems on The Internet right 
>now as anyone receiving addresses from newly allocated blocks will attest to

Since I am the OP, I never said that filtering bogons was a miracle 
cure all. If we put static bogon filters on customer routers, I would 
agree that would be stupid and would cause maintenance and routing 
problems. As an ISP several assignments from formerly bogon blocks, I 
agree and understand your point. However, we are religious about 
updating our bogon filters and we never block legitimate traffic or 
announcements. Bogon filtering is just one thing among many which I 
think should be done. Following BCP38 and filtering what comes in 
from customers and transit/peer connections all help to ensure that 
you aren't part of the problem to the community or to your own 
clients. The original poster who I replied to stated that it appeared 
that some traffic of unknown origin on a private address was being 
routed across his network between routers and he didn't have any 
routes for that network in his routing tables. My response was that 
those announcements and traffic should be filtered at his edge. This 
turned into a thread about whether filtering was a good thing or not 
which in my mind is absurd. However, if you run a network and want to 
accept traffic from bogon and RFC1918 space over your customer, 
peering, and transit connections then that's your problem. I just 
choose to not make it mine.

-Robert

Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin