Policy Statement on Address Space Allocations
Forrest W. Christian
forrestc at imach.com
Sat Jan 27 04:45:14 UTC 1996
On Fri, 26 Jan 1996, Vadim Antonov wrote:
> >Then, some of you will ask how to enforce this. Once every so often, you
> >dump the BGP routing tables from strategic routers. If you see any
> >non-matching prefixes, you send an email to the network coordinator for
> >the allocated block giving them a set amount of time to clean it up. Any
> >routes which are not cleaned up by the deadline are added to a filter
> >list which could be carried on routers.
>
> Sorry, *who* gets to play the net politzai? Registries have no control
> over service providers, and service providers have insufficient
> human resources to do that (and most won't do that anyway).
>
> Note that updating exterior policy filters by a large ISP involves
> carefully planned and timed update on some dozen-odd routers, so it is
> not done often, and certainly won't be done just to punish some clueless
> luser.

Is there some other method which would be as effective to destroy a
specific net's connectivity to the majority of the net? A few come to
mind right now:

1) ip route <luser's address & mask> null0
     - has the disadvantage of adding an entry to the
       routing table, and might cause other problems
       if static routes are redistributed into BGP in
       some fashion.
2) ip filtering:
     - Probably uses more CPU than #1, but doesn't screw
       with the routing tables.
3) Something else?

Remember, the goal here is to get the registry to limit the number
of blocks allocated. Then, provide a method to require those
blocks to remain in one piece. I doubt that many people are going to not
react to a note such as the following: (maybe a little less technical)

    According to our records, you were allocated a block of
    64 addresses, otherwise known as an /18 block. When
    this was allocated, you were informed that you MUST
    announce this block to the internet in a single route.

    In the automatic scan of the routing table which took
    place on 01/01/1996, routes to the networks listed
    below were discovered in at least one backbone router:

        208.128.128.0/18
        208.128.132.0/24

    If the entries for any block(s) smaller than the original
    /18 allocation do not disappear by 2/1/1996, the smaller
    block(s) will cease to function on the net for a period of
    30 days or longer. This will be accomplished through one
    of several means, including filtering the addresses on the
    backbone routers, etc.

    Thank you.

I doubt you're going to need to add many filters :)

As far as who will run the programs to check for this, I'm sure that a
suitable home for the tools necessary could be found.

-forrest
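
Added example, not part of the original message or of any tool it mentions: a sketch of the routing-table scan described in the thread, reporting announced prefixes that are more specific than the allocated block containing them. The dump format (one prefix per line) and the names ALLOCATIONS, ROUTING_TABLE_DUMP, parse_prefixes and find_more_specifics are assumptions made for illustration; the sample data is constructed from the prefixes in the sample notice.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input. The one-prefix-per-line dump format is an
# assumption; a real BGP table dump would need its own parser.
ALLOCATIONS = ["208.128.128.0/18"]
ROUTING_TABLE_DUMP = """\
208.128.128.0/18
208.128.132.0/24
208.128.132.0/24
192.0.2.0/24
not-a-prefix
"""


def parse_prefixes(dump):
    """Yield networks from the dump, skipping blank and malformed lines."""
    for line in dump.splitlines():
        token = line.strip()
        if not token:
            continue
        try:
            # strict=True rejects entries with host bits set
            yield ipaddress.ip_network(token, strict=True)
        except ValueError:
            continue


def find_more_specifics(allocations, dump):
    """Map each allocated block to the distinct routes carved out of it.

    The allocation itself and any covering aggregate are not reported;
    only prefixes strictly inside an allocated block are.
    """
    blocks = [ipaddress.ip_network(a) for a in allocations]
    found = defaultdict(set)
    for route in parse_prefixes(dump):
        for block in blocks:
            if (route.version == block.version
                    and route != block
                    and route.subnet_of(block)):
                found[block].add(route)
    return {str(b): [str(r) for r in sorted(rs)] for b, rs in found.items()}


if __name__ == "__main__":
    for block, routes in find_more_specifics(ALLOCATIONS, ROUTING_TABLE_DUMP).items():
        print(f"{block}: more-specific routes seen: {', '.join(routes)}")
```

The returned mapping is what would feed the notice to the block's coordinator, and after the deadline the candidate filter list.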