nanog mailing list archives
Re: Policies: Routing a subset of another ISP's address block
From: Jesper Skriver <jesper () skriver dk>
Date: Fri, 7 Apr 2000 20:09:41 +0200
On Wed, Apr 05, 2000 at 12:29:53PM -0400, Jim Duncan wrote:
Jesper Skriver writes:
I don't see the logic behind refusing the customer a request of this sort.
Exploding routing tables, and it makes it impossible to do anti-spoofing filters ...
It's only a problem if the ISPs expect to handle transit traffic from the customer. I suspect that most multi-homed customers do _not_ intend nor desire to carry traffic from one provider to another over their own network.
No, this is not correct. Let's assume provider A has x.x.0.0/16 assigned, and denies any traffic with a source address within this range on all peering (and transit) links, and let's assume that customer Z gets provider B to announce x.x.10.0/24 for him. This means that customer Z cannot reach anything on provider A's network in the case where the link to provider A fails.
Apologies if I've misunderstood the discussion, but with regard to anti-spoofing of source addresses, a multi-homed non-ISP customer on the edge of the network is no different from a single-homed customer: you filter so that all packets leaving that network meet the criteria for packets sourced on that customer's network.
Yes, but you also need to make sure that others cannot spoof source addresses that you have declared to be spoofing safe (so people can trust the source address for authentication purposes).
Of course, the best way to implement this is for the _customers_ to implement this filtering on all the interfaces of all their routers. That's where there's going to be router CPU to spare, and if they did that, then the ISPs wouldn't have to worry about it.
/Jesper

--
Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456
Work: Network manager @ AS3292 (Tele Danmark DataNetworks)
Private: Geek @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
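The trade-off described in the message above, as an added example that is not part of the original post: a model of provider A's source-address filter on the link from provider B, evaluated with and without an exemption for customer Z's /24. The prefixes 10.20.0.0/16 and 10.20.10.0/24 are constructed stand-ins for x.x.0.0/16 and x.x.10.0/24, the function names are hypothetical, and the exemption list is an assumption about how A might accommodate the customer.

```python
import ipaddress

# Constructed stand-ins for the post's x.x.0.0/16 and x.x.10.0/24.
PROVIDER_A_BLOCK = ipaddress.ip_network("10.20.0.0/16")
CUSTOMER_Z_PREFIX = ipaddress.ip_network("10.20.10.0/24")


def peering_ingress_permits(src, protected, exceptions=()):
    """Provider A's anti-spoofing check on a peering or transit link.

    Sources inside A's own block are dropped unless they fall in a prefix
    that A has explicitly exempted (hypothetical exemption list).
    """
    addr = ipaddress.ip_address(src)
    if addr not in protected:
        return True
    return any(addr in net for net in exceptions)


def evaluate(exceptions=()):
    """Run three constructed packets arriving at A over the link from B."""
    packets = {
        "customer_z_via_b": "10.20.10.25",   # Z's real host, link to A is down
        "spoofed_z_address": "10.20.10.99",  # forged source inside Z's /24
        "spoofed_other_a": "10.20.77.1",     # forged source elsewhere in A's /16
    }
    return {name: peering_ingress_permits(src, PROVIDER_A_BLOCK, exceptions)
            for name, src in packets.items()}


if __name__ == "__main__":
    # Strict filter: Z's legitimate traffic via B is dropped with the spoofs.
    print("strict filter:", evaluate())
    # Exempting the /24 restores reachability, but the filter sees only the
    # source address, so forged packets from that /24 now pass as well.
    print("with /24 hole:", evaluate([CUSTOMER_Z_PREFIX]))
```
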