On Sun, 23 Apr 1995 12:33:54 -0500 (CDT) you said:
Hank,
Enduser filtering (CERN) is in principle completely different from what we (might if not possible else) do:
I am not supposed to filter anything between meetpoints and customers, because I agree to some people who pay for it to provide Internet access.
I would filter nothing at all (currently do filter nothing), which does not mean that my support hosts and networks are open. Filtering comes also into place when customers want only access between certain networks, but in general NSPs/ISPs are not supposed to filter at all.
Routing is different. We filter routing updates (not access filters) to accelerate BGP convergence. We filter what we announce to the outside world (of course not all the trash we get in).
I don't filter outgoing routing updates to speed BGP convergence. I do it so as not to pollute the Internet with leaked bad nets. It has happened to me and has happened to everyone. Just look at the recent nets that Australia was leaking. If the routing access lists were automatically created every day based on the data in the routing DB, then this would not happen. Of course, no one can force you but your service provider can filter what he/she hears from you based on the same rules. Then you have a double secure routing scheme.
Mike Michael F. Nittmann nittmann@wis.com
Hank Nussbacher
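
Added example (not part of the original thread): a Python sketch of the daily filter generation Hank describes, building an outbound filter from routing DB entries and flagging routes that are not registered. The RPSL-style registry dump, the documentation prefixes and AS numbers, the list name AS64500-OUT and the choice of Cisco-style prefix-list output are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a routing-registry dump (RPSL-style route objects).
# Prefixes and AS numbers are documentation values, not from the thread.
REGISTRY_DUMP = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64500

route:   203.0.113.0/24
origin:  AS64501
"""

def registered_prefixes(dump, origin_as):
    """Return the sorted networks whose route object names origin_as."""
    nets = set()
    for block in dump.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs[key.strip().lower()] = value.strip()
        if attrs.get("origin", "").upper() == origin_as.upper() and "route" in attrs:
            nets.add(ipaddress.ip_network(attrs["route"], strict=True))
    return sorted(nets)

def build_prefix_list(name, nets):
    """Render an exact-match outbound filter; anything unlisted is denied."""
    lines = [f"ip prefix-list {name} seq {5 * (i + 1)} permit {net}"
             for i, net in enumerate(nets)]
    lines.append(f"ip prefix-list {name} seq {5 * (len(nets) + 1)} deny 0.0.0.0/0 le 32")
    return lines

def split_announcements(candidates, nets):
    """Separate routes we may announce from leaks absent from the registry."""
    allowed, leaked = [], []
    for text in candidates:
        net = ipaddress.ip_network(text, strict=True)
        (allowed if net in nets else leaked).append(text)
    return allowed, leaked

if __name__ == "__main__":
    nets = registered_prefixes(REGISTRY_DUMP, "AS64500")
    print("\n".join(build_prefix_list("AS64500-OUT", nets)))
    # 10.1.0.0/16 and the more-specific /25 are constructed "leaked" routes.
    print(split_announcements(["192.0.2.0/24", "10.1.0.0/16", "192.0.2.128/25"], nets))
```

The upstream provider can run the same generation against the customer's registry entries to build the matching inbound filter, which gives the double check described in the reply.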