Has PSI been assigned network 1?

Karl Denninger, MCSNet karl at mcs.com
Sat Apr 22 00:47:44 UTC 1995


> Karl wrote:
> 
> > Fascistic filtering breaks connectivity.
> 
>   Please explain this.  I do not think that strict filtering of routes 
> necessarily detracts from sustained connectivity.  While it may decrease the
> elasticity of the net, and it may delay the time for new networks to be
> connected, properly thought out routing policies can properly effect sturdy,
> efficient networks.

Sure.  Routing policies are not the same thing as fascistic filtering.

If your policy amounts to preventing certain prefixes from being announced
to your network then you have by definition made it impossible to reach
those sites from your backbone.

This breaks connectivity.

> > So you trade a *risk* of broken connectivity for KNOWN broken connectivity?
> 
>   Yes, actually, I would.  It comforts me to know that there are two more
> hurdles placed in network X's way so that our routes can not be spoofed across
> the world.

But your routes *can* still be spoofed.  This is the problem.

Until and unless you can define exactly what the locus of "your routes" is,
you have the problem.  The route server approach *tries* to define this, and
in fact it probably does (or can do) a reasonable job.  Absent this kind of
registry, filtering announcements may *appear* to make things more stable,
but it fails to provide the widest connectivity and in fact just makes sites
permanently unreachable.

> > Sounds like a poor trade to me, and one which, undertaken consciously and
> > with knowledge of the repercussions, leaves you with being less than a full
> > Internet connectivity provider.
> 
>   By filtering the routes that an ISP allows they are less than a full ISP?!!?
> -- 
> Alan Hannan		      	    (402) 472-0241         MIDnet Inc.

Filtering the *announcements* that an ISP will honor, without being able to
verify whether or not they are really bogus, does exactly that.

If you want some kind of assurance that prefixes being advertised are legit,
then you need a routing-registry type-of-service.   This service requires
that the users and people putting in the data that it crunches trust it
implicitly.

I am not expressing an opinion here as to whether or not the current 
efforts in this area fill the requirement lists that people have.  I am,
however, saying that if you filter without *knowing* that the filters pass
all legit prefixes (an impossible task unless you're omniscient) you will
break connectivity in many specific cases.

--
Karl Denninger (karl at MCS.Net)| MCSNet - The Finest Internet Connectivity
Modem: [+1 312 248-0900]     | (shell, PPP, SLIP, leased) in Chicagoland
Voice: [+1 312 248-8649]     | 7 POPs online through Chicago, all 28.8
Fax: [+1 312 248-9865]       | Email to "info at mcs.net" for more information
ISDN: Surf at Smokin' Speed  | WWW: http://www.mcs.net, gopher: gopher.mcs.net
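
An added example, not part of the original message: a registry-derived announcement filter run over a few constructed announcements, showing that a legitimate prefix missing from the registry data is dropped along with the bogus one. The prefixes, AS numbers, registry contents and function names are all assumptions made for illustration (documentation address ranges and AS numbers only).

```python
import ipaddress

# Constructed registry entries (prefix, origin AS); documentation ranges only.
REGISTRY = [
    ("192.0.2.0/24", 64496),
    ("198.51.100.0/24", 64497),
]

# Constructed announcements: (prefix, origin AS, actually legitimate?).
# The third field is ground truth a real filter never gets to see.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496, True),       # registered, correct origin
    ("198.51.100.0/24", 64511, False),   # registered prefix, bogus origin
    ("198.51.100.128/25", 64497, True),  # more-specific of a registered block
    ("203.0.113.0/24", 64498, True),     # legitimate, but never registered
]


def classify(prefix, origin, registry):
    """Return the filter verdict for one announcement."""
    net = ipaddress.ip_network(prefix)
    covering = [asn for reg, asn in registry if net.subnet_of(reg)]
    if not covering:
        return "reject-unregistered"
    return "accept" if origin in covering else "reject-origin-mismatch"


def evaluate(announcements, registry_entries):
    """Apply the filter and sort outcomes against the ground truth."""
    registry = [(ipaddress.ip_network(p), asn) for p, asn in registry_entries]
    out = {"accepted": [], "bogus_blocked": [],
           "legit_dropped": [], "bogus_accepted": []}
    for prefix, origin, legit in announcements:
        passed = classify(prefix, origin, registry) == "accept"
        if passed:
            out["accepted" if legit else "bogus_accepted"].append(prefix)
        else:
            out["legit_dropped" if legit else "bogus_blocked"].append(prefix)
    return out


if __name__ == "__main__":
    for name, prefixes in evaluate(ANNOUNCEMENTS, REGISTRY).items():
        print(f"{name}: {prefixes}")
```

The `legit_dropped` list empties only once the registry data also covers 203.0.113.0/24, which is the dependence on complete and trusted registry data that the message describes.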


