> Fascistic filtering breaks connectivity.
Please explain this. I do not think that strict filtering of routes
necessarily detracts from sustained connectivity. While it may decrease the
elasticity of the net, and it may delay the time for new networks to be
connected, properly thought out routing policies can properly effect sturdy,
Sure. Routing policies are not the same thing as fascistic filtering.
If your policy amounts to preventing certain prefixes from being announced
to your network then you have by definition made it impossible to reach
those sites from your backbone.
This breaks connectivity.
> So you trade a *risk* of broken connectivity for KNOWN broken connectivity?
Yes, actually, I would. It comforts me to know that there are two more
hurdles placed in network X's way so that our routes can not be spoofed across
But your routes *can* still be spoofed. This is the problem.
Until and unless you can define exactly what the locus of "your routes" is,
you have the problem. The route server approach *tries* to define this, and
in fact it probably does (or can do) a reasonable job. Absent this kind of
registry, filtering announcements may *appear* to make things more stable,
but it fails to provide the widest connectivity and in fact just makes sites
> Sounds like a poor trade to me, and one which, undertaken consciously and
> with knowledge of the repercussions, leaves you with being less than a full
> Internet connectivity provider.
By filtering the routes that an ISP allows they are less than a full ISP?!!?
Alan Hannan (402) 472-0241 MIDnet Inc.
Filtering the *announcements* that an ISP will honor, without being able to
verify whether or not they are really bogus, does exactly that.
If you want some kind of assurance that prefixes being advertised are legit,
then you need a routing-registry type-of-service. This service requires
that the users and people putting in the data that it crunches trust it
I am not expressing an opinion here as to whether or not the current
efforts in this area fill the requirement lists that people have. I am,
however, saying that if you filter without *knowing* that the filters pass
all legit prefixes (an impossible task unless you're omniscient) you will
break connectivity in many specific cases.