Dan Lanciani wrote: > > Andrew White <[EMAIL PROTECTED]> wrote: > > |Dan Lanciani wrote: > | > |> There is a huge difference between requiring a /48 and allowing anything > |> greater than /8. The former ... > |> while the latter means that you can bypass the black hole with 2 or 4 > |> route additions. > | > |Of course you can bypass it. > > The proposed wording is: > > ``Router manufacturers MUST ensure that said black hole cannot be > deconfigured, turned off, or otherwise overridden in toto;'' > > How do you reconcile this with ``Of course you can bypass it.''?
The immediately preceding context was Alan stating that his reading was that only /8 routes are to be discarded and that anything more specific would be forwarded. You seemed to be saying that having an easy workaround invalidated the value of the filter, which Alan and Christian (and I) seem to disagree with. I object to the proposed wording also, if only because routers must be able to be configured for 'inside' work at which point local addresses are in-scope and should not be filtered. It should be possible to disable the filtering or refine it. I agree that the Hinden/Haberman draft only covers filters AT the border, and that this is a weakness. All routers designed for BGP routing should by default discard (preferably with "ICMP No Route To Host" or "ICMP Destination Unreachable" as appropriate) packets with local source or destination addresses and BGP implementations should ignore / refuse updates to such addresses (of any length prefix). Unless administratively configured to do otherwise. With such a restriction, I don't see much incentive for an ISP (or other user) to disable the filters in a general manner. Since most routers will filter anyway, they can only route the local packets to other people who've disabled the filters, and anyone disabling the filters (and only those people) needs to cope with potential routing table increases for their OWN tables. -- Andrew White -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
