[ppml] Fwd: Keeping in reserve
kloch at kl.net
Thu Oct 5 16:41:12 EDT 2006
Iljitsch van Beijnum wrote:
> [Originally to ppml, CC to address-policy at ripe, prune as necessary]
> On 5-okt-2006, at 18:17, David Conrad wrote:
>> Is there any reason PI /48s shouldn't be allocated with the
>> bisection method, thus removing the need to reserve space?
> The goal of filtering in BGP is either to keep out accidentally
> injected prefixes, or keep out both accidentially and maliciously
> injected prefixes.
> This means that a reasonable filter, i.e., one that can be configured
> on a router with a relatively limited number of filter rules, must
> allow through all prefixes that match legitimate allocations, and
> reject as much of everything else as possible.
I don't see how fixed sizes and contiguous assignments will prevent
people from announcing space not delegated to them. Right now the best
way to manage this is by filtering your own customers with an explicit
list (manually or RR generated) and applying peer pressure to peers who
Hopefully in the near future we will have crypto-signed announcements
to solve this problem for real.
More information about the ARIN-PPML