On Wed, 12 Mar 2003, Randy Bush wrote:
> we now return you to small operators trying to convince other small operators how they should run the route filters in their shops. imiho, if it is not automated by protocol, banana eaters will screw it up for sure. so, again imiho, this topic is about as likely to make progress as serious gender equity in my lifetime <sigh>.

Randy, you've run a huge network. I have not had that opportunity, and I don't have "banana eaters" working for me (and I'm not sure what that phrase means exactly, but I'll assume it isn't racial).

I must not understand something. How would the banana eaters screw up applying the same prefix-list outbound to all neighbors? Seems like an easy protocol to follow.

I could understand the problems with applying inbound filters (unique huge filter for each neighbor), but if you're willing to localize bogon routes to the border router, without redistributing them, you get the job done.

So filter announcements to every neighbor. That way, only the places with lots of administration (places that will know to update filters) will need to worry about updating filters. Then, bogon traffic only flows as far as the default route takes it, without the ACL hit.

I'm not telling people that this is the cure, that this is how they should run their network. I'm asking for the big operators to tell me what's wrong with this idea. In theory, it should work, but I don't have the pragmatism that comes with running a nationwide network staffed by banana eaters.

If nothing else, it seems like a worthy stopgap until the next iteration of BGP comes along to really address the trust issues.

Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access