Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
Sean Donelan
sean at donelan.com
Sun Mar 4 21:48:50 UTC 2007
On Sun, 4 Mar 2007, Mikael Abrahamsson wrote:
>> Instead of dropping packets with unallocated source addresses, perhaps
>> backbones should shut down interfaces they receive packets from unallocated
>> address space. Would this be more effective at both stopping the sources
>> of unallocated addresses; as well as sources that spoof other addresses
>> because the best way to prevent your interface from being shut down by
>> backbone operators is to be certain you only transmit packets with your
>> source addresses.
>
> uRPF or plain source-based filtering for the IP blocks allocated to the
> customer is enough. Shutting it down doesn't make any commercial sense,
> customers won't buy your service if their port is going to be shut down due to
> a single packet. They'll (likely) understand if you won't forward a packet
> from them which has a source address not belonging to them, though.

When customers misconfigure their router, e.g. wrong BGP neighbor or ASN,
wrong interface IP address, exceed max prefix limit, etc; don't they lose
Internet connectivity until they fix it?

A properly configured router should never forward even a single bad
packet. If it does, isn't it likely to have configuration problems so
why continue to keep misconfigured routers connected?

Customers are unlikely to fix problems which don't cause them to lose
service.