Re: Alpha test of MAE filtering capability

[Paul A Vixie <paul () vix com>]

> The solution that Mr. Feldman allows us to at least eliminate possible
> abuse from non peers.  If a peer chooses to commit such abuse, one can
> just terminate the peering session, ..., and add that entities IP address
> to the above mentioned filter list on the exhange point switch.
>
> We, who were recently a victim of such abuse, will definately use this
> feature as soon as it is made available.

I think that this is the wrong approach.  Better to monitor it, prove
that it happened, and remove offenders from the IXP's altogether.  The
IXP contracts should include just such a provision.

In CIX's case, we want to be able to send third-party BGP among members
so that those members will get eachother as next-hop and therefore get
better throughput (and put less load on the CIX routers.)

I've fought with this on PB-SMDS and now I'm seeing it on DEC PAIX.  We
should remove from the Internet community anyone who commits theft of
service by pointing default at someone else -- but we should not make
valid third party BGP topologies difficult or impossible.

Your fellow IXP members are deserving of your trust, until they show that
they aren't, and the paternalistic "let's remove the temptation" approach
is just offensive.
- - - - - - - - - - - - - - - - -