[56762] in North American Network Operators' Group
Re: route filtering in large networks
daemon@ATHENA.MIT.EDU (Dorian Kim)
Thu Mar 13 14:40:19 2003
Date: Thu, 13 Mar 2003 14:38:51 -0500
From: Dorian Kim <dorian@blackrose.org>
To: Andy Dills <andy@xecu.net>
Cc: nanog@merit.edu
In-Reply-To: <Pine.BSF.4.44.0303130006370.80492-100000@thunder.xecu.net>
Errors-To: owner-nanog-outgoing@merit.edu

On Thu, Mar 13, 2003 at 12:21:10AM -0500, Andy Dills wrote:
> But then, if configuration of routers is automated, it would seem even
> easier to implement the route filtering. Verio has a history of being a
> prefix length nazi, but were they that way about route validity? Plenty of
> networks are stringent on what they accept from their customers, but are
> they as stringent with the routes they send?

Route filtering and route validation are not necessarily the same things.
AFAIK, there are no scalable mechanisms for route validation deployed
today.

As far as route filtering is concerned, Verio currently does prefix filter
many of its public peers based on IRR registrations.

However, our experience to date indicates that filtering peer networks via
IRR information is not a scalable solution. Some of the non-exhaustive reasons
for this are:

o platform performance limitations with large prefix lists (some do a better
  job, but they all fall short of acceptable, let alone ideal)
o GIGO, aka IRR data sanity
o lack of route registrations for large peer networks

Due to this, our direction is to move away from IRR-based peer route filtering.

-dorian
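
The IRR-based peer filtering discussed in the message above, as an added example that is not part of the original post: it builds a prefix filter from route objects and shows two of the listed failure modes, a stale registration that is accepted and an unregistered route that is rejected. The RPSL objects, ASNs, prefixes and function names are constructed for illustration, and the exact-match policy is an assumption.

```python
import ipaddress

# Constructed RPSL route objects using documentation prefixes and ASNs;
# this is sample data, not taken from any real IRR.
IRR_DUMP = """\
route:  192.0.2.0/24
origin: AS64500
descr:  current customer block

route:  198.51.100.0/24
origin: AS64500
descr:  stale object, never cleaned up

route:  203.0.113.0/25
origin: AS64501
descr:  belongs to a different network
"""

def parse_route_objects(text):
    """Yield (network, origin_asn) for every route object in an RPSL dump."""
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip().lower()] = value.strip()
        if "route" in attrs and "origin" in attrs:
            yield ipaddress.ip_network(attrs["route"]), attrs["origin"].upper()

def build_prefix_filter(text, peer_asns):
    """Return the sorted prefixes registered with an origin in peer_asns."""
    return sorted(net for net, asn in parse_route_objects(text) if asn in peer_asns)

def evaluate(announced, prefix_filter):
    """Map each announced prefix to 'accept' or 'reject' (exact match only)."""
    allowed = set(prefix_filter)
    return {p: "accept" if ipaddress.ip_network(p) in allowed else "reject"
            for p in announced}

if __name__ == "__main__":
    flt = build_prefix_filter(IRR_DUMP, {"AS64500"})
    print(len(flt), "filter entries for AS64500")
    # 203.0.113.128/25 stands for a route the peer originates but never registered.
    announced = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.128/25"]
    for prefix, verdict in evaluate(announced, flt).items():
        print(prefix, verdict)
```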