On Fri, 26 Jan 1996, Vadim Antonov wrote:
Then, some of you will ask how to enforce this. Once every so often, you dump the BGP routing tables from strategic routers. If you see any non-matching prefixes, you send an email to the network coordinator for the allocated block giving them a set amount of time to clean it up. Any routes which are not cleaned up by the deadline are added to a filter list which could be carried on routers.
Sorry, *who* gets to play the net politzai? Registries have no control over service providers, and service providers have insufficient human resources to do that (and most won't do that anyway).
Note that updating exterior policy filters by a large ISP involves carefully planned and timed update on some dozen-odd routers, so it is not done often, and certainly won't be done just to punish some clueless luser.
Is there some other method which would be as effective to destroy a specific net's connectivity to the majority of the net? A few come to mind right now: 1) ip route <luser's address & mask> null0 - has the disadvantage of adding an entry to the routing table, and might cause other problems if static routes are redistributed into BGP in some fashion. 2) ip filtering: - Probably uses more CPU than #1, but doesn't screw with the routing tables. 3) Something else? Remember, the goal here is to get the registry to limit the number of blocks allocated. Then, provide a method to require those blocks to remain in one piece. I doubt that many people are going to not react to a note such as the following: (maybe a little less technical) According to our records, you were allocated a block of 64 addresses, otherwise known as an /18 block. When this was allocated, you were informed that you MUST announce this block to the internet in a single route. In the automatic scan of the routing table which took place on 01/01/1996, routes to the networks listed below were discovered in at least one backbone router: 208.128.128.0/18 208.128.132.0/24 If the entries for any block(s) smaller than the original /18 allocation do not dissapear by 2/1/1996, the smaller block(s) will cease to function on the net for a period of 30 days or longer. This will be accomplished through one of several means, including filtering the addresses on the backbone routers, etc. Thank you. I doubt you're going to need to add many filters :) As far as who will run the programs to check for this, I'm sure that a suitable home for the tools necessary could be found. -forrest