North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Important IPv6 Policy Issue -- Your Input Requested

  • From: Adam Rothschild
  • Date: Tue Nov 09 17:35:55 2004

On 2004-11-09-17:10:02, "Network.Security" <[email protected]> wrote:
> We receive a disturbingly large amount of traffic sourced from the 1918
> space destined for our network coming from one of our normally
> respectable Tier 1 ISP's (three letter acronym, starts with 'M', ends
> with 'CI').
> 
> This is particularly irritating since we pay for burstable service; nice
> that we are paying for illegitimate traffic to come down our pipes.
> Their answer to this issue was:  our routers can't handle the additional
> load that filtering 1918 traffic would cause.
> 
> That's odd, I didn't think routing to Null0 (or equivalent) was all that
> taxing, I don't want an ACL, I want it gone [...]

Null routes aren't going to stop packets with 1918 *sources* from
entering your network, I'm afraid.  This is where ACLs come into
play.

And it's quite conceivable, on a network of MCI's size, there are
still peering and edge ports terminated by GSRs with engine 0 cards,
or 7500s, or other hardware where bogon filtering and/or reverse-path
validation really is a Big Deal(tm).

-a 
 (computing VJ's cell phone bill on the WRT54G as we speak)