Please Check Filters - BOGON Filtering IP Space

Jared Mauch jared at
Thu Jan 20 14:53:31 UTC 2005

On Thu, Jan 20, 2005 at 08:16:14PM +0530, Suresh Ramasubramanian wrote:
> On Thu, 20 Jan 2005 09:42:54 -0500, Jared Mauch <jared at> wrote:
> >         No, cisco providing a time sensitive feature like this
> > implies free upgrades to repair this critical defect.  Just like
> > they give out free software to people without contracts when
> > they have a major security vulnerability.
> > 
> >         Seems like this falls in the same category to me.
> Analogies suck, but look at (for example) Norton AntiVirus.  You pay
> for a year of virus definition updates.  Then when the year runs out,

	Yes, but this is protection of an end-host/end-node, not
a portion of the global internet infrastructure.  Bad features like
this and bad behaviour are serious issues when they cause these
ripple effects.  It's flat-out defective software to me.

	This hurts Ciscos reputation that they are causing
pockets of the internet to not work.  Next subnets to get allocated
will increase the size of those pockets and so on.  Then the internet
will become less reliable as an end-to-end transport medium, hurting

	At minimum, cisco should be offering free software updates to
people who have the older releases through something simple like
a updated maint release of software (same ver they have running
but with *CORRECT* filters), but doing the minimum isn't
always the best thing as most of us know.  Providing a reliable
mechanisim for this to happen is important, and possibly something
that Cisco could productize and sell a for-fee monthly subscription for
(a bgp feed or somesuch like what Team CYMRU provides is an example)
but there are those (Hi Rob & Co.) doing it for free already, so
the key is getting the blackholes minimized that exist today.  If
there is software that I can download from CCO that hasn't
been deferred that has these old filters in it, Cisco is being a
poor net.citizen IMHO.

	I'm not saying this to trash cisco, many people there know that,
but the important thing is insuring that the global internet isn't
further harmed, and as more allocations are done the harm becomes
greater and it hurts every single person in this industry, providers
and vendors alike.

	- Jared

Jared Mauch  | pgp key available via finger from jared at
clue++;      |  My statements are only mine.

More information about the NANOG mailing list