[ppml] Bogons etc...

Michael.Dillon at radianz.com Michael.Dillon at radianz.com
Thu Jan 22 07:09:36 EST 2004

>So Michael and Leo please stop trying to sell us a generic host-based
>filtering scheme based on LDAP or DNS, it just does not work nor scale,
>both because nothing can handle every host querying the DNS/LDAP servers
>and nothing can even handle a single host querying the DNS/LDAP server
>for each packet either.

I'm not trying to sell you a generic host-based filtering scheme based
on anything.

I am trying to sell you a scheme for the RIRs to publish their
authoritative directory of IP address allocations using some sort
of technology like LDAP that people can hook up to a wide variety
of systems that need to know whether or not an IP address range is
legitimately allocated. This includes email systems and peering
routers and firewalls. And if someone wants to cache this data
on their own internal LDAP server and do host-based filtering
then that's their business.

>Filtering IP packets or datagrams is a layer 3 deal, it's done on a
>router not on a host, and the feed of the filtering information is a BGP

Tell that to the firewall industry.

>Grow up, that's what both the theoreticians and the operators with
>tons of operational experience say. That's why layer violations
>generally _and_ in this case are a BAD idea, period.

I don't happen to worship at the altar of ISO.

--Michael Dillon

