In message <199609281508.IAA02192@falcon.netflight.com>, Matthew Petach writes:
Hi!
I'm going to ask the rest of the NANOG community for their thoughts/opinions on a problem that's been plaguing us periodically that we haven't been able to find a satisfactory solution for yet.
There's an ISP back on the East Coast that has been periodically advertising more specific routes for /24's out of our CIDR blocks and black-holing the traffic within their network.
We've called all the listed numbers for their technical, admin, billing, and any other contacts we can find, and haven't been able to reach a human; we've left messages of various levels of nastiness, from very sugary on up to vaguely threatening. In every case, including the current one, it's been more than 24 hours, and they still haven't made any response to the problem; in fact, I just got paged by our NOC early this morning informing me they've stolen another one of our /24's.
As you can well imagine, all the customers on those blocks are _very_ unhappy. Each time this happens, we end up with dissatisfied customers, many of whom leave, deciding that we're too unstable, and can't provide quality network connectivity, even though to the best of my knowledge, there's nothing we can do to prevent these people from stealing our blocks.
My question to the NANOG community is twofold and simple: Am I overlooking some solution that would allow us to 'negate' their advertisement of our blocks (205.159.193.0/24 and 207.88.102.0/24 in this case) and secondly, is there a formal process within the community to seek recompense, or formal action against a clueless and net-unfriendly ISP, perhaps one as simple as the net equivalent of Mennonite 'shunning'?
Or are we simply out of luck, and have to simply tell our customers "Sorry, everyone is at the mercy of the morons who can steal IP blocks simply by advertising more specific routes with higher weights?"
It's getting really tempting to advertise the networks they have their nameservers on from *our* network with a weight of 65535, just to get them to call us back. :-( :-(
Anyhow, enough frustrated venting, I *am* very interested in what the community feels is the best policy to follow in situations like this.
Thanks again!
Matt Petach Network Engineer (writing from home)
A good solution would be for providers to only accept routes registered in a routing database (the IRR) from those authorized to send them with hierarchical authorization within the database (as implemented by RIPE) and strong authentication (PGP as implemented by the RA) and top level authorization based on IANA or delegated address registry assignments. But you've heard this before. The best any one provider can do is to accurately populate the IRR and if possible (based on the limitations of their routers) put the IRR data into use in defining filters.
Curtis
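The filtering policy described in the reply above, as an added example that is not part of the original thread: a strict check that accepts an announcement only when its exact prefix and origin appear in a registry dump. The two /24s are the ones named in the thread; the covering aggregates, maintainer names and AS numbers are constructed assumptions.

```python
import ipaddress

# Constructed RPSL route objects. The aggregates, maintainer names and AS
# numbers (documentation ASNs, RFC 5398) are assumptions, not thread data.
IRR_DUMP = """\
route:   205.159.192.0/19
origin:  AS64496
mnt-by:  MAINT-EXAMPLE-A

route:   207.88.0.0/16
origin:  AS64496
mnt-by:  MAINT-EXAMPLE-A

route:   192.0.2.0/24
origin:  AS64511
mnt-by:  MAINT-EXAMPLE-B
"""

def parse_irr(text):
    """Map each registered IPv4 prefix to the set of origins allowed to announce it."""
    registered = {}
    for block in text.strip().split("\n\n"):
        attrs = dict(line.split(":", 1) for line in block.splitlines() if ":" in line)
        net = ipaddress.ip_network(attrs["route"].strip())
        registered.setdefault(net, set()).add(attrs["origin"].strip().upper())
    return registered

def check(registered, prefix, origin):
    """Strict filter: accept only an exact (prefix, origin) pair found in the registry."""
    net = ipaddress.ip_network(prefix)
    if origin in registered.get(net, ()):
        return "accept"
    covering = [r for r in registered if r.version == net.version and net.subnet_of(r)]
    if not covering:
        return "reject: no registered route covers this prefix"
    if any(origin in registered[r] for r in covering):
        # Rightful holder, but the more-specific itself was never registered.
        return "reject: more-specific not registered by its holder"
    return "reject: origin not authorized for the covering route"

if __name__ == "__main__":
    irr = parse_irr(IRR_DUMP)
    # Constructed announcements; AS64500 stands in for the unauthorized origin.
    for prefix, origin in [("207.88.0.0/16", "AS64496"),
                           ("205.159.193.0/24", "AS64500"),
                           ("207.88.102.0/24", "AS64500"),
                           ("207.88.102.0/24", "AS64496"),
                           ("198.51.100.0/24", "AS64500")]:
        print(f"{prefix:18} {origin:8} {check(irr, prefix, origin)}")
```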