Re: [apnic-talk] NICs and Egress filtering?
Geoff Huston wrote:
>
> "How would they enforce them?"
>
> Good question Joe, and one which I've also thought about without getting
> to any sensible conclusion myself.
>
> Egress filter would ensure that traffic used source addresses consistent
> with routing advertisements (RFC 2827) right?
>
> But surely this would also require that the routing system itself has some
> level of trustable integrity. The issue in my mind is: how is the integrity
> of the routing system managed?
>
>From the end user's viewpoint it appears things work because users
complain when they go wrong. About 18 months ago we switched ISPs
keeping our IP allocation, and some nine months after that the original
ISP decided they still "had" our c class network. They allocated it to
one of their new customers and updated the Optus routers (or whatever)
and it took 2 days of their stuffing around before enough pressure was
applied for them to actually look at the problem and fix it.
If an ISP is in fact trusted with updating the routing system I guess we
have to believe they are doing it correctly. Who else would know (or
care) except the parties directly involved. Then again as it is such a
fundamental component of the Internet problems do get fixed relatively
quickly.
--
Phil Crooker ORIX Australia 61 8 8443 6844
UNIX SysAdmin pcrooker at orix dot com dot au 61 8 8443 6955 (fax)
* APNIC-TALK: General APNIC Discussion List *
* To unsubscribe: send "unsubscribe" to apnic-talk-request at apnic dot net *