[32261] in North American Network Operators' Group
Re: [doable?] peer filtering (was Re: Trusting BGP sessions)
daemon@ATHENA.MIT.EDU (john heasley)
Wed Nov 15 16:37:00 2000
Date: Wed, 15 Nov 2000 13:33:26 -0800
From: john heasley <heas@shrubbery.net>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
Message-ID: <20001115133326.D10339@shrubbery.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20001115210238.17296.cpmta@c004.sfo.cp.net>; from sean@donelan.com on Wed, Nov 15, 2000 at 01:02:38PM -0800
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, Nov 15, 2000 at 01:02:38PM -0800, Sean Donelan darkened my spool with the following:
>
> On Wed, 15 November 2000, john heasley wrote:
> > i think all agree that filtering large/teir 1 peers (let's assume teir 1 is
> > defined as a peer who sends a large number of routes, ie: ignore the
> > business BS) the way customers are/should be filtered (by exact match prefix)
> > is impossible with the hardware (and/or implementations) available today.
>
> Five years ago there wasn't a single IP router capable of doing OC48 either.
>
> How do we fix this?
>
> 1) Convince large/tier 1 peers to include full route table filter requirements
> in their purchasing when deciding whether to buy Cisco or Juniper?
>
> 2) Pass the Internet Stability Act of 2000 mandating full peer filters by
> 2002, and providing for civil fines by any affected party against any tier
> one not in compliance? Any router vendor not in compliance will be removed
> from the GSA purchasing schedule.
>
>
> This is a very old problem folks. We've known about several solutions for years.
>
>
great, that must be why these problems dont occur. which solution are
you using? i'm not flinging s*!@ over the fence; i'm truely interested.
