[ppml] question on 2006-2 v6 internal microallocation

Christopher Morrow christopher.morrow at gmail.com
Sat Sep 2 21:54:39 EDT 2006


On 8/24/06, Pekka Savola <pekkas at netcore.fi> wrote:

> Internal structure considerations also don't apply, as your
> neighbors and customers can static-route to your internal block unless
> you implement packet filtering at your borders.  Hence, I cannot see a
> scenario where packet filtering wouldn't be sufficient.

The 'solution' will never be 100% (not everyone has an edge capable of
filtering each interface at line rate, nor will they in the future);
this is irrelevant, however, to the discussion at hand.

The point of using some globally unique/registered space for your
network buildout and not advertising it to the global community is
twofold: 1) to avoid people X hops away from being able to cause you
problems (trim out a large portion of the problem, keep things clean
for yourself and your infrastructure protection filtering needs), 2)
avoid having to fight it out with a 'customer' who wants/needs/is
using your internal space for their network.

Whether or not you can make a filter on an interface do the 'right'
thing isn't important; not having the problem in the first place (or
having far less of it) is important. Also, defense in depth is nice,
eh? So when monkey #12 removes/de-provisions an interface things don't
get opened up unnecessarily to the evils that are the network outside
your moat.

-Chris


