nanog mailing list archives

RE: dsl providers that will route /24


From: John Fraizer <nanog () Overkill EnterZone Net>
Date: Tue, 27 Mar 2001 18:06:20 -0500 (EST)


On Tue, 27 Mar 2001, David Schwartz wrote:


      I'm sure we've all heard stories of major network disruptions being caused
by this type of filtering policy. ISP1 filters routes it hears from
CUSTOMER1. So the fact that CUSTOMER1's filters are broken is never noticed.
Then one day, ISP1 accidentally breaks its filters. Boom!

Um, look at what you wrote.  Filter breaks, Boom.

We egress filter on our customers' routers and ingress filter on our
routers.  That way, in the event of either breaking down, there is
(hopefully) still an appropriate filter in place to prevent a Boom!



      Filtering should be a last resort if there is no other way to accomplish
the desired goal or where small misconfigurations on the other end have the
ability to cause massive damage in a very small amount of time. Filtering
should _never_ be used to hide a real problem unless there is absolutely no
other option. In this case, there are *many* other options.

      DS

Forgive me if I (and the vast majority of the network ops I know) don't
subscribe to this point of view.  Filter, Filter, Filter.  If you want to
know about broken customer filters, filter on their ingress to your
network with logging.

Flat out not filtering just so you know when "there is a problem" is, in
my humble opinion, irresponsible network administration.  


---
John Fraizer
EnterZone, Inc
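
The two-layer arrangement described in this message (egress filter on the customer's router, ingress filter with logging on the ISP's router), modelled as an added example that is not part of the original post. The prefixes are constructed RFC 5737 documentation ranges, and the /24 maximum length, function names and logger name are assumptions made for illustration.

```python
import ipaddress
import logging

log = logging.getLogger("ingress-filter")

def make_filter(blocks, max_len=24):
    """Permit a prefix only if it lies inside one of `blocks` and is no longer than max_len."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    def permit(prefix):
        p = ipaddress.ip_network(prefix)
        return p.prefixlen <= max_len and any(
            p.version == n.version and p.subnet_of(n) for n in nets)
    return permit

def broken(prefix):
    """A filter that has failed open and permits everything."""
    return True

def announce(routes, customer_egress, isp_ingress):
    """Run routes through both layers; return (accepted, logged_drops)."""
    accepted, logged_drops = [], []
    for r in routes:
        if not customer_egress(r):
            continue                      # stopped on the customer's router
        if isp_ingress(r):
            accepted.append(r)
        else:
            # Reaching this branch means the customer's egress filter let it out.
            log.warning("ingress filter dropped %s from customer", r)
            logged_drops.append(r)
    return accepted, logged_drops

# Constructed sample data (RFC 5737 documentation prefixes).
ASSIGNED = ["192.0.2.0/24"]
ROUTES = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "192.0.2.128/25"]

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    good = make_filter(ASSIGNED)
    for name, egress, ingress in [("both working", good, good),
                                  ("customer egress broken", broken, good),
                                  ("ISP ingress broken", good, broken),
                                  ("both broken", broken, broken)]:
        print(name, announce(ROUTES, egress, ingress))
```

Only the case where both layers fail open accepts the unassigned routes; a broken customer egress filter shows up as logged drops at ingress rather than going unnoticed.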





