Important IPv6 Policy Issue -- Your Input Requested
Adam Rothschild
asr+nanog at latency.net
Tue Nov 9 22:34:55 UTC 2004
On 2004-11-09-17:10:02, "Network.Security" <Network.Security at target.com> wrote:
> We receive a disturbingly large amount of traffic sourced from the 1918
> space destined for our network coming from one of our normally
> respectable Tier 1 ISP's (three letter acronym, starts with 'M', ends
> with 'CI').
>
> This is particularly irritating since we pay for burstable service; nice
> that we are paying for illegitimate traffic to come down our pipes.
> Their answer to this issue was: our routers can't handle the additional
> load that filtering 1918 traffic would cause.
>
> That's odd, I didn't think routing to Null0 (or equivalent) was all that
> taxing, I don't want an ACL, I want it gone [...]
Null routes aren't going to stop packets with 1918 *sources* from
entering your network, I'm afraid. This is where ACLs come into
play.
And it's quite conceivable, on a network of MCI's size, there are
still peering and edge ports terminated by GSRs with engine 0 cards,
or 7500s, or other hardware where bogon filtering and/or reverse-path
validation really is a Big Deal(tm).
-a
(computing VJ's cell phone bill on the WRT54G as we speak)
More information about the NANOG
mailing list