Sabri Berisha wrote:
I am concerned. Concerned about people and companies who think they are in the position to be net.gods and for political reasons destroy the free character of the internet.
I've been involved for over 20 years, and don't remember this "free character". Perhaps there is a language translation problem? That also applies to the use of the word "terrorism"?
In the history of the internet, people have been trusting each other.
When? I remember the RFCs on policy based routing over a decade ago. Have you read them?
In my opinion, announcing a netblock using BGP4 is making a promise to carry traffic to a destination within that netblock. If you feel that parts of that network are against your ethics or AUP, you should not be announcing such a netblock.
Announcing a netblock doesn't promise that every address in that block exists or is reachable. A network that is blocked for AUP violations doesn't "exist", and usually returns the ICMP message "Unreachable -- Administratively Prohibited" specifically designed for such situations. Have you read "Router Requirements"?
Above.net is blocking a host in UUnet IP space. ...
194.178.232.55/32. --> this tester is part of a /16 belonging to uunet, and sends traffic which is in violation of our AUG. we complained to uunet without any effect. if we have blocked access from this /32 to our backbone, we are within our rights.
After this mail, we contacted Above.net again. They basically told us it was for our own protection because that traffic from that host does not comply to their AUP. We specifically told them we really don't mind them blackholing that host but *announcing* a route for it. So far no response.
Where did they announce a "host route"? I thought you said they announce a route to an netblock -- an entire /16? It seems from the email that they clearly stated that the traffic was in violation of the AUP. We all block specific sites that harm our networks. Otherwise, there would be no capacity left for our customers. It's the "policy" part, for which BGP was designed. Go read the design RFCs. If you are participating in tests with 194.178.232.55 (relaytest.orbs.vuurwerk.nl), then you need a private connection to that specific site, just as many academic sites test unstable network software. Expensive, but shouldn't be too bad considering that both of you are in the Netherlands.... WSimpson@UMich.edu Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32