Policy Statement on Address Space Allocations

Then, some of you will ask how to enforce this. Once every so often, you
dump the BGP routing tables from strategic routers. If you see any
non-matching prefixes, you send an email to the network coordinator for
the allocated block giving them a set amount of time to clean it up. Any
routes which are not cleaned up by the deadline are added to a filter
list which could be carried on routers.

Sorry, *who* gets to play the net politzai? Registries have no control
over service providers, and service providers have insufficient
human resources to do that (and most won't do that anyway).

Note that updating exterior policy filters by a large ISP involves
a carefully planned and timed update on some dozen-odd routers, so it is
not done often, and certainly won't be done just to punish some clueless
luser.

We'll be back shortly after the expected RA advertisement break...

--vadim
Not speaking for Sprint.

Sorry, *who* gets to play the net politzai?

Well, I think someone who has considerable experience with a totalitarian
regime and a secret police state would be appropriate, wouldn't you, Vadim?

;-)

Tony

Is there some other method which would be as effective to destroy a
specific net's connectivity to the majority of the net? A few come to
mind right now:

  1) ip route <luser's address & mask> null0

     - has the disadvantage of adding an entry to the
       routing table, and might cause other problems
       if static routes are redistributed into BGP in
       some fashion.

  2) ip filtering:

     - Probably uses more CPU than #1, but doesn't screw
       with the routing tables.

  3) Something else?

Remember, the goal here is to get the registry to limit the number
of blocks allocated. Then, provide a method to require those
blocks to remain in one piece. I doubt that many people are going to not
react to a note such as the following: (maybe a little less technical)

  According to our records, you were allocated a block of
  64 addresses, otherwise known as an /18 block. When
  this was allocated, you were informed that you MUST
  announce this block to the internet in a single route.

  In the automatic scan of the routing table which took
  place on 01/01/1996, routes to the networks listed
  below were discovered in at least one backbone router:

  208.128.128.0/18
  208.128.132.0/24

  If the entries for any block(s) smaller than the original
  /18 allocation do not disappear by 2/1/1996, the smaller
  block(s) will cease to function on the net for a period of
  30 days or longer. This will be accomplished through one
  of several means, including filtering the addresses on the
  backbone routers, etc.

  Thank you.

I doubt you're going to need to add many filters :-)

As far as who will run the programs to check for this, I'm sure that a
suitable home for the tools necessary could be found.

-forrest
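
Added example, not part of the original thread: a sketch of the routing-table scan discussed above, which reports routes that are more specific than the allocated block containing them. The dump format (one prefix per line), the function names and the sample data are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: the allocation and the first two routes echo the
# prefixes in the sample notice above; the remaining lines are made up
# (an unrelated documentation prefix, a covering supernet, a malformed line).
ALLOCATIONS = ["208.128.128.0/18"]
ROUTE_DUMP = """\
208.128.128.0/18
208.128.132.0/24
198.51.100.0/24
208.128.0.0/16
not-a-prefix
"""

def parse_prefixes(text):
    """Parse one prefix per line, skipping blank and malformed entries."""
    prefixes = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            prefixes.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            continue  # not a valid prefix (or host bits set); skipped here
    return prefixes

def find_deaggregation(allocations, routes):
    """Map each allocated block to the more-specific routes seen inside it."""
    report = {}
    for block in allocations:
        more_specific = sorted(
            r for r in routes
            if r.version == block.version       # subnet_of() rejects mixed v4/v6
            and r.prefixlen > block.prefixlen   # strictly longer than the block
            and r.subnet_of(block)
        )
        if more_specific:
            report[block] = more_specific
    return report

def scan(allocation_list, dump_text):
    """Run the check over a list of allocation strings and a dump."""
    allocs = [ipaddress.ip_network(a) for a in allocation_list]
    return find_deaggregation(allocs, parse_prefixes(dump_text))

if __name__ == "__main__":
    for block, specifics in scan(ALLOCATIONS, ROUTE_DUMP).items():
        print(f"{block}: more-specifics seen: {', '.join(map(str, specifics))}")
```

The exact-match /18 and the covering /16 are not reported; only routes strictly inside the allocation are.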