North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: NSPs and filters

  • From: Jon Lewis
  • Date: Sun Jul 13 02:00:54 1997

On Sat, 12 Jul 1997, Randy Bush wrote:

> > routers.  I'm just saying the net would be a MUCH nicer place if NSP's all
> > did ingress filtering on their customer connections.  If current routers
> > can't handle the load this would create, then NSP's need to find vendors
> > willing to deliver the necessary power, or they need to rethink the way
> > they design their networks.  
> 
> Most of my customers have customers who in turn have customers, not a few of
> whom are multi-homed.  Same for UUNET, ...
> 
> So, at POP X, I take in maybe 100 prefixes, with maybe 1000 at some POPs.
> How do I build and maintain that filter list, and how long does it take each
> packet to get through it with a router that also does real routing?

I've got this big pile of money and hardware.  How do I turn it into an
international internet backbone?

A certain minimal level of network security should be a part of any
responsible network.  Perhaps its not practical to run with filters on
every router...especially core and big exchange routers.  But you can
strongly encourage (perhaps require) that all your customers enforce sane
filters where applicable.  Somewhere in the internet food chain, it is
very much practical to install filters, and someone needs to make sure
they are in place.
 
------------------------------------------------------------------
 Jon Lewis <[email protected]>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |  
________Finger [email protected] for PGP public key_______