On Thu, Mar 13, 2003 at 12:21:10AM -0500, Andy Dills wrote:
But then, if configuration of routers is automated, it would seem even easier to implement the route filtering. Verio has a history of being a prefix length nazi, but were they that way about route validity? Plenty of networks are stringent on what they accept from their customers, but are they as stringent with the routes they send?
Route filtering and route validation are not necessarily the same things. AFAIK, there are no scalable mechanisms for route validation deployed today. As far as route filtering is concerned, Verio currently does prefix filter many of its public peers based on IRR registrations. However, our experience to date indicates that filtering peer networks via IRR information is not a scalable solution. Some of the non-exhaustive reasons for this are: o platform performance limitations with large prefix lists (some do a better job, but they all fall short of acceptable, let alone ideal) o GIGO, aka IRR data sanity o lack of route registrations for large peer networks Due to this, our direction is to move away from IRR based peer route filtering. -dorian