I also encouraged all other backbones to filter Verio as Verio filters them.
FWIW, I (continue to) encourage this too. Filter more than Verio,
while you're at it.
Sean. (against representation without taxation)
I used to filter on both inbound and outbound. I don't believe
filtering is inherently evil. I believe just the opposite, it
is frequently necessary. Especially in a world where you can't
verify route announcements and people occasionally announce
every disaggregated network in the table.
Sprint had valid reasons for filtering. They had several old AGS
routers, and didn't want to/couldn't upgrade them at the time to
one of the routers used by other backbone providers i.e. 7000/SSP.
To keep Sprint's network working, they filtered routes. This is
an acceptable example of duct tape we've all needed to apply to
our networks at one time or another to keep everything tied together.
What annoyed me isn't the technical decision, but the marketing
blitz used to justify it as "saving the Internet."
No sales guy wants to say "because our routers can't handle the full
routing table." Instead you get the revolving wheel of excuses like
1) Because we are saving the Internet (false)
2) Because ARIN/RIPE/APNIC makes us (false)
3) Because our peering agreements require it (false)
Notice how it is always some third-party "forcing" them to do it.
If you want to save the Internet, filter both inbound and outbound.
Otherwise, don't pretend that's why you are doing it.
Instead you get the revolving wheel of excuses like
you missed:
4. We are not paid to accept this crap
Date: Fri, 28 Sep 2001 23:53:45 +0100
From: Alex Bligh <alex@alex.org.uk>
> Instead you get the revolving wheel of excuses like
you missed:
4. We are not paid to accept this crap
So your downstreams pay you to connect to:
+ Your AS only;
+ Some of the Internet, but with little concern re accessibility
of small networks;
+ The whole Internet with as much reliability as possible?
Oh, man, this is starting to sound like a peering policy
argument, in which some people believe that Internet traffic is
theoretically beneficial to both endpoints[1]. Or the reciprocal
compensation arguments that traffic is more beneficial to one
party...
[1] #include <exceptions-mentioned-by-paul-vixie.h>
I'm not arguing against filtering -- in and of itself, filtering
is good. There's enough bad BGP and IGP-to-EGP leakage that I'd
be worried if everyone allowed /32 announcements. But there's a
limit at the other end, too:
Maybe I'll filter anything longer than a /8... I'll also legally
change my name to "!U" (pronounced "the network admin formerly known as
'Eddy Dreger'") at the same time.
Eddy
To set the record straight --
by the time Sprint instituted filtering policy, it had no AGS+es in the
core. Incidentally, Sprint was the first ISP to start deploying 7000s
(and discovering bugs in those - the instability caused by the forced
installation of the "latest and greatest" didn't make customers very
happy).
The reason for being very sensitive about routing tables was that ICM part
of things had quite arcane routing policies; and ability of AS1800 boxes
to process updates in a timely fashion was quite vital for keeping
US-Europe Internet connectivity up and running.
Marketing at that time was so clueless about Internet that they couldn't
even pronounce "routing filter", and definitely couldn't make a marketing
blitz out of it.
--vadim
The reason for being very sensitive about routing tables was that ICM part
of things had quite arcane routing policies; and ability of AS1800 boxes
to process updates in a timely fashion was quite vital for keeping
US-Europe Internet connectivity up and running.
Yeah, I know. Sometimes Sprint ICM was part of Sprint, other times it
was that "other" network Sprint just happened to manage.
Marketing at that time was so clueless about Internet that they couldn't
even pronounce "routing filter", and definitely couldn't make a marketing
blitz out of it.
Sprint kept the filters on for years afterwards. It may have taken
the clueless salespeople a few years, but they eventually did figure out
how to recite the magic words "buy your circuit from sprint and you
won't have problems with filters" was a way to win a sale. And who
could forget the popular "Don't buy a circuit from small ISP, because
they won't be able to get past the Internet filters." I went through
a half-dozen Sprint sales people in different parts of the country,
and by 1996 or so they all had the spiel down pat.
I know, I should have taped their sales calls.
No, I'm not trying to say that Sprint isn't a sleazy big corporation,
it is, like any other. Given the incentives sales people are given they
are actively discouraged from caring about company image or long-term
success. Meeting their quotas and making commissions - that's the name of
the game, and exploiting situation of not their making isn't below them.
But the decision what and how to filter had no marketing or sales input
whatsoever (people who know me better would say that in an attempt to
provide such "input" these sales or marketing people would be told to
pluck themselves in a hurry). It was a pure engineering necessity, and
Sean did a very good job handling it. Really saved the Internet, too.
Getting a large backbone beyond the stability threshold would've killed
more than just Sprint.
--vadim
Here we go again, but isolated and clearly this time:
Sprint had valid reasons for filtering. ...
           ^^^^^
Oh yeah? Did they think so? Who else has any voice in whether their
reasons were valid? Frankly my dear, if Sprint or any other provider
wanted to filter all prefixes containing an odd number of bits, and if they
thought they had a valid reason for doing so, then by definition, their
reasons would be valid. *Our* opinion of the validity (or not) of their
reasons would be *irrelevant*.
MIBH used to run with prefix filters. It didn't stop much but what it did
stop was worthless -- not just people chopping up their ARIN blocks, people
doing cheap distributed load balancing by emitting a prefix from multiple
locations as a way to do cheap distributed load balancing(*), but erroneous
garbage that never should have been there, and so, wasn't. At least in our
view of the net. Our customers were happy, so, so were we.
(*) if you want to do cheap distributed load balancing by faking multihoming
of a prefix, you'll need swamp space, which seems like a small fence to climb.
As in many things; the best path is someplace in the middle.