[ncc-services-wg] Re: [address-policy-wg] New Draft Document: De-boganising New AddressBlocks

I fully agree with that. Most of all, the problem of filters is not located at ISP borders, but
mostly at customers borders (e.g. small hosting companies) who do not update their filters, and
who often have no idea what they are useful for.

Andre is right, the best solution is definitely not to filter bogons.

We have recently been allocated a /13 in 83/8, and now we have to deal with many many many
customers complaining not to be able to reach many sites (expsecially in US). I'm very angry
about RIPE and IANA allocating those blocks too quickly, without any vision of consequences for
LIRs, and without any communications going down from Tier1 to the smallest company.


--On mardi 24 février 2004 17:36 +0100 Andre Oppermann <oppermann at pipeline.ch> wrote:

> Michael.Dillon at radianz.com wrote:
>> 
>> > The RIPE NCC has prepared a draft document titled "De-Bogonising New
>> > Address Blocks":
>> 
>> That is a misleading title.
>> 
>> The problem is that ISPs cannot react quickly enough
>> to open filters when new ranges are allocated. The proposed
>> solution is to provide advance notification. I suppose this
>> could allow ISPs to open filters before the new addresses
>> are actually in use officially.
> 
> ISPs should not filter the IANA reserved IP ranges but only the
> Martians stuff that is defined to be unrouteable.  Everything
> else is causing more problems than it solves.  Otherwise we
> wouldn't have this discussion over and over again each time
> a RIR opens a fresh /8.
> 
>> However, it will also allow spammers to announce this
>> space and get it through bogon filters.
> 
> There is no way you can block spammers by filtering the IANA
> reserved ranges.  There are many other ways spammers can set
> up bogon netblocks.  For example there are many netblocks which
> are assigned/allocated by the RIRs but never announced in the
> global routing system.  Just walk the prefix table of current
> /8s used by the RIRs and use the holes to send your spam.
> 
> Again, the cure of filtering is worse than the desease of not
> filtering.
> 
>> The real solution to this problem is to make it
>> possible for ISPs to closely track RIR allocations
>> in their filters in a semi-automated way. There may
>> still be a few days of delay before a new allocation
>> is fully routable but ISPs can compensate for that
>> with internal processes.
> 
> There is no way every ISP is going to follow that and adjust
> his filters within "a few days".
> 
>> Why can't ISPs subscribe to a feed of all new
>> RIPE allocations in near real-time?
> 
> Just don't filter IANA reserved space.  It's that easy.
> 
> -- 
> Andre
> 



--
Jerome Fleury     Tiscali France
Network Engineer  Tel: +33 1 45082314