I agree totally with prefix-list filtering customers and we have done so from the very beginning. (Who wants to blemish the reputation of their ASN as result of a customer being a bonehead and announcing default, etc?) Provider<->Provider prefix-list filtering becomes much more involved however. When a provider has 400+ bilateral peering relationships, the time it takes to bring a new customer online who has their own address space grows substantially. It is no different when a provider obtains additional address space. If their peers are prefix-list filtering, they have to contact every peer to have them blast a hole in the filters for the new address block. In a perfect world, we would not need to filter, period. Filtering customers has become necessary to survival. I see Provider<->Provider filtering as a major hurdle to jump anytime your (or anyone elses) network expands in relation to prefixes being legitimately announced. --- John Fraizer EnterZone, Inc On Thu, 22 Jun 2000, Danny McPherson wrote:
I agree with this, and have seen the document, and have worked for large providers that performed prefix filtering on customers long before IOPS existed.
However, if every ISP performed prefix-based filtering between one another, it'd be improved "a lot more". I recall more than a few instances when providers inadvertently broke other providers customers by "mis-advertising" prefixes.
And if every ISP performed SA verification between one another (presumably with the same filters) it would again be improved "a lot" more.
-danny
If every ISP does prefix based filtering on its downstream customers, the integrity of the Internet routing system will be improved a lot. The document below proposes such a model: