Re: Alpha test of MAE filtering capability
I don't think filters are a problem for third party routing as long as the third party routing is not done in secret. If I am sending you third party routes for someone, and you know it because I tell you I am and you agree to let me, then you can open your filters to the source port for those routes. Third party routes that are being done without the knowledge of the traffic target are a bad thing and shouldn't be done anyway...
-Dorn
It's not that hard to write a script that temporarily points a static route for an unregistered address at each of the machines at a meet point. By tracerouting to that address you can detect if someone is pointing default at you.
The script does not have to be a very CPU intensive operation, and if it is run once a day, it ought to provide a fairly good clue as to whether or not someone is abusing your network.
I would like to stay away from port filtering except as a last resort. I think that there are far too many unforeseen problems and complications in debugging. And for better or worse it would require the removal of all third party routing which I would guess is pretty common at the Mae's.
Scott Blandford IBM Global Network
I don't think filters are a problem for third party routing as long as the third party routing is not done in secret. If I am sending you third party routes for someone, and you know it because I tell you I am and you agree to let me, then you can open your filters to the source port for those routes. Third party routes that are being done without the knowledge of the traffic target are a bad thing and shouldn't be done anyway...
In the third party routes scenario you describe above it is not just an issue of you telling me that you are sending my third party routes and me opening my filters. You must also tell the third party that you are sending me their routes. Then they can open their filters to allow my traffic. All in all I see this as a huge complication in the underlying structure of the Mae's. It would be detrimental to the interconnects if ISP's used filtering as a general practice. It is a great feature to have as a way to stop an abuse that has been detected and maybe even as a punishment for abusive ISP's, but let's leave out the extra layer of complication unless it really adds something to the network.
Scott Blandford IBM Global Network
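The once-a-day check described earlier in the thread (point a temporary static route for an unregistered address at each machine at the meet point, then traceroute to it) comes down to reading where the packet goes after the peer's hop. The following is an added example, not code from the thread: it assumes `traceroute -n` style text output, and the addresses, sample traces and result labels are constructed for illustration.

```python
import re

# Constructed `traceroute -n` samples; every address is a documentation-range placeholder.
OWN = {"192.0.2.1"}       # our router at the meet point (assumed)
PEER = "198.51.100.7"     # peer the temporary static route points at (assumed)
HEAD = "traceroute to 203.0.113.99 (203.0.113.99), 30 hops max\n"
LOOP = HEAD + (" 1  192.0.2.1  0.41 ms  0.38 ms  0.37 ms\n"
               " 2  198.51.100.7  1.20 ms  1.18 ms  1.22 ms\n"
               " 3  192.0.2.1  1.95 ms  1.90 ms  1.93 ms\n"
               " 4  198.51.100.7  2.71 ms  2.66 ms  2.70 ms\n")
DROP = HEAD + (" 1  192.0.2.1  0.41 ms  0.38 ms  0.37 ms\n"
               " 2  198.51.100.7  1.20 ms !H  1.18 ms !H  1.22 ms !H\n")
ELSEWHERE = HEAD + (" 1  192.0.2.1  0.41 ms  0.38 ms  0.37 ms\n"
                    " 2  198.51.100.7  1.20 ms  1.18 ms  1.22 ms\n"
                    " 3  198.51.100.20  3.02 ms  2.98 ms  3.05 ms\n"
                    " 4  * * *\n")
SILENT = HEAD + " 1  192.0.2.1  0.41 ms  0.38 ms  0.37 ms\n 2  * * *\n 3  * * *\n"

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)")

def hop_addresses(text):
    """First responder per numbered hop line; '*' when the hop timed out."""
    return [m.group(2) for m in map(HOP_RE.match, text.splitlines()) if m]

def classify(text, own_addrs, peer_addr):
    """Say what the peer did with a packet it should have had no route for."""
    hops = hop_addresses(text)
    if peer_addr not in hops:
        return "inconclusive"            # never saw the peer answer
    after_peer = hops[hops.index(peer_addr) + 1:]
    if any(h in own_addrs for h in after_peer):
        return "returns-to-us"           # packet came back: peer points default at us
    if any(h not in ("*", peer_addr) for h in after_peer):
        return "forwards-elsewhere"      # peer has a default, but not toward us
    return "drops"                       # unreachable or silence: no sign of a default

def daily_report(runs, own_addrs):
    """runs maps peer address -> traceroute text; returns the peers to follow up with."""
    return sorted(p for p, t in runs.items()
                  if classify(t, own_addrs, p) == "returns-to-us")
```

Only the "returns-to-us" result indicates a peer pointing default at you; an "inconclusive" run says nothing either way and is worth repeating before drawing a conclusion.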
participants (2)
- ALAN DORN HETZEL JR
- scottb@carfax.ims.advantis.com