69/8...this sucks -- Centralizing filtering..

Michael Whisenant michael at whisenant.net
Mon Mar 10 20:26:28 UTC 2003


Jon et al,

First I appreciate your message that you sent to us at NASA late Friday
regarding a new address block that you received from ARIN. In that message
you suggest that the issue was a BOGON route filter that had not been
updated. Then without allowing sufficient time to respond to your message
(you sent it to an administrative account and not the NOC) you decided to
flame NASA.

You could reach MANY NASA locations, but those at one particular center,
and that issue was related to a firewall update at ONLY one particular
center. This filter was placed in after August when the central bogon was
removed at the ingress to the network.

If you feel that you have any issue reaching a NASA resource then you can
send a message to noc at nisn.nasa.gov and/or the tech/org/noc POC on any
address space. NISN is NASA's ISP and as such announces via AS297 that
address space.


> Now, how can we force that?  Sufficient reward for doing so, or
> pain for failure.  Evidently "some people can't reach you" isn't
> enough pain, and having full reachability isn't enough reward.

I think the only way that's relatively guaranteed to be effective is to
move a critical resource (like the gtld-servers) into new IP blocks when
previously reserved blocks are assigned to RIR's.

I still have a couple hundred thousand IPs to check (I'm going to step up
the pace and see if I can get through the list today), but I already have
a list of several hundred IPs in networks that ignore 69/8.  The list
includes such networks as NASA, the US DoD, and networks in China, Russia,
and Poland.  Those are just a few that I've done manual whois's for.

I haven't decided yet whether I'll send automated messages to all the
broken networks and give them time to respond and fix their filters, or
just post them all to NANOG when the list is complete.

Are people interested in seeing the full list (at least the ones I find)
of networks that filter 69/8?

Does Atlantic.Net get an ARIN discount for doing all this leg work? :)

----------------------------------------------------------------------
 Jon Lewis *jlewis at lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________





