Someones being naughty again...

Sean Donelan SEAN at SDG.DRA.COM
Mon Mar 16 09:32:00 UTC 1998


>The upstreams should certainly be filtering this.  I am truly surprised
>someone is still leaking a ten/8 network to the world.

I'm not surprised someone is still leaking a 10/8 network.  Remember "Trust,
but verify...." I'm surprised anyone on this list would still be accepting
10/8 (and admit it).

In-bound filters are as important as out-bound filters.  And out-bound
filters are as important as in-bound filters.  Its a fact of life, everyone
makes mistakes.  It doesn't matter if it is an upstream, downstream, or
sideways connection.  There have been mistakes made in all directions.
You need filters on both sides, in both directions.

This is why its important to know what your upstream, downstream and
sideways connections should be announcing, otherwise it is very difficult
to tell when one of your upstream, downstream or sideways connections
announces something they shouldn't.  Of course, finding out what they
should be announcing, storing the list on your router, and finding enough
CPU to process the access lists, is another topic.  See previous thousand
messages on that topic.

This isn't rocket science, its management science.
-- 
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation



More information about the NANOG mailing list