Mark Prior wrote:
It's not the route filters per se, it's the fact that the principle we use is if you don't announce the route to us we won't accept traffic sourced by that network. Saying that you are the source for the network but not advertising the route doesn't cut it.
Not so fast, there are situations when you are authorized to have a certain chunk of address space but elect not to advertise it a certain way for whatever reason. Maybe someone has a pipe that they want to use for outbound traffic only and they don't want to use it at all for inbound traffic, and as a result, they don't advertise their routes across it. What justification do you use for dropping traffic that falls into this category?

Obviously, I wouldn't want a situation where I could simply give my provider a list of addresses for them to permit without checking that I'm authorized - providers should always check that their customers are authorized to use the blocks they intend to use.

I'll put it this way: filtering should be done against blocks that a customer can announce, not against blocks that a customer is actively announcing. If you're filtering purely against current advertisements, you're bound to break something sooner or later.

Mark
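
The two filtering policies contrasted in this reply, as an added example that is not part of the original message. The prefixes (documentation ranges), link names and function names are constructed for illustration; link "B" stands in for the outbound-only pipe.

```python
import ipaddress

# Constructed sample data: blocks the provider has verified the customer holds.
AUTHORIZED = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]

# Routes the customer currently announces on each link (constructed).
# Link "B" is used for outbound traffic only, so nothing is announced across it.
ANNOUNCED = {
    "A": [ipaddress.ip_network("192.0.2.0/24"),
          ipaddress.ip_network("198.51.100.0/24")],
    "B": [],
}

def permit_by_announcement(src, link):
    """Accept a source only if a route covering it is announced on this link."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ANNOUNCED.get(link, []))

def permit_by_authorization(src, link):
    """Accept any source inside a verified customer block, whatever the link."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in AUTHORIZED)

def compare(packets):
    """Return (src, link, by_announcement, by_authorization) per packet."""
    return [(src, link,
             permit_by_announcement(src, link),
             permit_by_authorization(src, link))
            for src, link in packets]

# Constructed packets: (source address, link the packet arrives on).
PACKETS = [
    ("192.0.2.10", "A"),    # announced on A, sent on A
    ("198.51.100.7", "B"),  # authorized block, sent on the outbound-only link
    ("203.0.113.5", "B"),   # source outside the customer's blocks
]

if __name__ == "__main__":
    for src, link, ann, auth in compare(PACKETS):
        print(f"{src:15} link={link} announced-filter={'permit' if ann else 'drop':6} "
              f"authorized-filter={'permit' if auth else 'drop'}")
```

Only the second packet is treated differently: the announcement-based filter drops legitimate traffic on the outbound-only link, while both filters still drop the source outside the customer's blocks.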