
On Thu, Mar 01, 2007 at 07:16:37AM -0800, Peter Thoenen wrote: [Thoenen seems to have clipped the attribution]
> Perhaps, bogon acls are helpful when they are configured on backbone, but not
> everywhere.
> And if ever major backbones (read tier 2/3) would do so all us little guys wouldn't have to (yet for some reason I keep getting the odd hit in my acl logs from bogon space daily).
> Yes I know they will defend this with "we sell unfiltered service" (which of course isn't true); I am just not convinced filtering bogons would invalidate this any more than their MPLS QoS clouds do.
There are smaller internets that are large enough that one person is not managing all of the routers, but small enough that policy can be "MANAGED" across all of them. Some of these required implementation of the bogon lists. As they are small, this rarely changes - so when a change to the bogon list comes, some resist this as if an article of their faith were being challenged. Even within the group managing the backbone. As I'm STILL fighting skirmishes on this front, I'm less happy about bogon lists than I once was.

"Leaf" networks should perform egress filtering, everyone knows that now [;-} we wish]. Service provider networks should probably filter on connections to the "customer" networks to allow only that customer's IPs, but on connections to "transit" networks to only eliminate the truly "unroutable" IP addresses such as RFC 1918. However, since it is not possible to require this or anything else on the public Internet, except by making sure that all routers are run by clueful people who have entered into mutual agreement to do this [sorry, dreaming again], this is not likely to happen.

-- Joe Yao
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
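Added example, not part of the thread above: the three source-address policies Joe describes (customer link permits only the customer's own prefixes; transit link drops only the truly unroutable space such as RFC 1918; and the stale "full bogon" list that a small network froze into policy) written out as Python using the standard ipaddress module. All prefix lists and sample addresses are constructed for illustration; 1.0.0.0/8 stands in for "a block that was on the bogon list when the policy was written and has since been allocated", and the RFC 5737 documentation ranges stand in for real public prefixes. Check current allocation data before using any of these lists as an actual ACL.

```python
"""Source-address filtering policies for customer, transit, and stale-bogon cases.

Added example for the discussion above; not code from the original thread.
Prefix lists are constructed for illustration only.
"""
import ipaddress


def _nets(prefixes):
    """Turn a list of CIDR strings into ip_network objects."""
    return [ipaddress.ip_network(p) for p in prefixes]


# Addresses that can never be a valid source on the public Internet:
# RFC 1918 private space plus the other special-purpose blocks.
UNROUTABLE = _nets([
    "0.0.0.0/8",        # "this" network
    "10.0.0.0/8",       # RFC 1918
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local
    "172.16.0.0/12",    # RFC 1918
    "192.168.0.0/16",   # RFC 1918
    "224.0.0.0/4",      # multicast
    "240.0.0.0/4",      # reserved (class E)
])

# Constructed: a "full bogon" list as a small network might have written it
# into policy years ago and never updated. 1.0.0.0/8 is the illustrative
# stale entry (an assumption for the example, not a statement about current
# allocation status).
STALE_BOGONS = UNROUTABLE + _nets(["1.0.0.0/8"])


def _in_any(addr, nets):
    """True if addr falls inside any network in nets (same IP version only)."""
    return any(addr in n for n in nets)


def transit_filter(src):
    """Transit link: deny only what can never be a legitimate source."""
    addr = ipaddress.ip_address(src)
    return "deny" if _in_any(addr, UNROUTABLE) else "permit"


def stale_bogon_filter(src):
    """Transit link using the frozen bogon list: same as transit_filter, but
    also denies any block that was unallocated when the list was written."""
    addr = ipaddress.ip_address(src)
    return "deny" if _in_any(addr, STALE_BOGONS) else "permit"


def customer_filter(customer_prefixes):
    """Customer link: permit only sources inside the customer's own prefixes
    (the ingress/egress filtering of BCP 38). Returns a policy function."""
    nets = _nets(customer_prefixes)

    def check(src):
        addr = ipaddress.ip_address(src)
        return "permit" if _in_any(addr, nets) else "deny"

    return check


def apply_policy(policy, sources):
    """Run one policy over a list of source addresses; returns {src: verdict}."""
    return {s: policy(s) for s in sources}


def collateral_damage(sources):
    """Sources the transit filter permits but the stale bogon list denies:
    exactly the traffic a never-updated list silently drops."""
    return [s for s in sources
            if transit_filter(s) == "permit" and stale_bogon_filter(s) == "deny"]


if __name__ == "__main__":
    # Constructed sample: one RFC 1918 source, one from the customer's own
    # (documentation-range) prefix, one unrelated public-looking source, and
    # one from the block the stale list still calls a bogon.
    sample = ["192.168.1.5", "198.51.100.7", "203.0.113.9", "1.1.1.1"]
    customer = customer_filter(["198.51.100.0/24"])
    for name, policy in (("customer", customer),
                         ("transit", transit_filter),
                         ("stale-bogon", stale_bogon_filter)):
        print(name, apply_policy(policy, sample))
    print("dropped only by the stale list:", collateral_damage(sample))
```

The point the thread is making is visible in the last line of output: with an up-to-date policy the transit filter and the stale list agree on everything except the block that was allocated after the list was written, and that difference is real customer traffic being blackholed until someone wins the argument about updating the ACL.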