Sprint filters (yes really)

Sean Doran smd at sprint.net
Thu Jun 20 19:20:14 UTC 1996


-----BEGIN PGP SIGNED MESSAGE-----


Please note that the changes to Sprintlink's filtering
policies that Marc Hidalgo and I announced at NANOG have
been implemented, and should be visible as BGP sessions with
our external peers (MCI, ANS, Alternet, PSI et al.) reset
over time.

It is hoped that the changes won't be flawed, but any
oddities would be nice to know about.

The two and a half week delay in implementation is my own fault.

Note that the policy is now:

	[allow none of the RFC 1597 et succ. reserved addresses]
	in 0/8-126/8, allow no subnets of historical As
		      that were not announced in July 1995[*]
           127/8-191/8, allow nothing longer than /16 [*]
	   192/8-205/8, allow nothing longer than /24
	   206/8-223/8, allow nothing longer than /19
	   195/8 [RIPE block, 12 dec 95], allow nothing longer than /19
	[other RIPE and APNIC blocks that have begun
	being allocated from since July 1995 will also be
	filtered on the /19 boundary]

The principal change is that we used to disallow /19s in
207/8-223/8 and 195/8, and this was not in line with the minimal
allocation units performed by the three primary registries.

Please also note that we have also already accumulated
a couple of months of successful experience with
differential filtering, and will be both tightening up
the filtering in the newly unfiltered space and tweaking
the currently-used values up and down.

Very roughly speaking, the goal is that if you have a very
long prefix (like a /24), and it flaps a couple times, you
can go home for the day.  If you do even the slightest bit
of aggregation (into a /23, for example), then you are
much less likely to be dampened in the face of minor
flapping, and you will be dampened for less time.

Once you have aggregated enough addresses to comprise a
/18 or shorter prefix, you will be dampened with values 
very much in line with the default you get from Cisco's
"bgp dampening" command.

At the moment, you are much more likely to be dampened if
you are NOT a Sprint customer.  That is, the normal values
for "bgp dampening" are in place if you have a customer
connection to SprintLink or ICM.  However we will be
evaluating the engineering and operational effects that a
similar policy with respect to SprintLink customers,
as an effort to encourage some of our lazier customers
to begin doing their own aggregation wherever possible.

You may not be surprised that the success of this
differential dampening experimentation has played a large
role in the easing-up of our filtering policies.

	Sean.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Public Key in ftp://ftp.sprintlink.net/engineer/smd/pgpkey

iQCVAwUBMcmkVkSWYarrFs6xAQEblQQAg60neKgLSGpQZ2e0n67MRjVNd+eLDSaJ
Ceea+2bypM8V9QD6nTr6zEJ302qLrIK6b9e0lLmgFPpoUs1Rb3KDqv4ruAQKmkBo
dDu5NxIAlG9b+qvXTuocPA81y4+zWKMOaFHCPFNksMIzhA19pRYLndiuJqRifiHn
CQyAZGorrwQ=
=uyTH
-----END PGP SIGNATURE-----





More information about the NANOG mailing list