hey andré you might consider to change your upstream provider ;-)) (JUST A JOKE!!!)

-steven

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Andre Oppermann
> Sent: Tuesday, 23 July 2002 19:03
> To: [EMAIL PROTECTED]
> Subject: Re: [swinog] Filtering the backbone is BAD!!! Don't do it!!!
>
>
> Thomas Kernen wrote:
> >
> > > Andre
> > >
> > > > I take it you mean that RFC1918 or other bogons that are not assigned by
> > > > IANA to any registry are okay to filter vs assigned/allocated IP space
> > > > to/from the registries should not be filtered.
> > >
> > > Yes, exactly.
> > >
> > > In my opinion also the aggregating filtering on min allocation sizes
> > > IP-Plus is doing is wrong.
> > >
> > > The problem with default deny everything unless allowed is always that
> > > you have to readjust this kind of filter all the time. And you might
> > > miss some update or you are on vacation or...
> > >
> > > I deny </7 and >/25 plus the RFC1918 and DHCP space but allow everything
> > > else. The risk to miss a change or new allocation is almost zero and it
> > > works right away.
> >
> > I don't 100% agree, IANA have a web page with this info and they keep it up
> > to date, allocations out of the "reserved" address space are not done very
> > frequently, usually every 3-4 months max. When a new block is allocated it
> > usually is done way ahead of time and it usually takes months before
> > anything is in the BGP table. Also, IANA do announce on various mailing
> > lists when they update the allocation list. So I see nothing wrong with
> > denying any non allocated address space.
> >
> > If one is worried about forgetting about it, there are many ways of checking
> > if there has been an update, no need to list them here I think everyone has
> > his favorite script in mind.
>
> Maybe I've seen far too many old configurations in corporate networks
> nobody knows about anymore... If you are debugging a certain problem
> for hours which is caused by such old filters you know what I mean.
>
> Hopefully ISP networks are better managed. :-)
>
> --
> Andre
> ----------------------------------------------
> [EMAIL PROTECTED] Maillist-Archive:
> http://www.mail-archive.com/swinog%40swinog.ch/
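
Added example, not part of the thread and not any participant's code: the two filter policies argued over above, run against the same routes, so the stale-list failure and the unallocated-space trade-off are both visible. All function names, the allocation lists and the routes are constructed for illustration, and "DHCP space" is assumed to mean 169.254.0.0/16.

```python
import ipaddress

# Deny list from the quoted default-allow policy: RFC1918 plus "DHCP space".
# Assumption: "DHCP space" is read here as the 169.254.0.0/16 autoconfiguration block.
DENIED = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def default_allow(prefix):
    """Deny </7 and >/25 and anything inside DENIED; allow everything else."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen < 7 or net.prefixlen > 25:
        return False
    return not any(net.subnet_of(block) for block in DENIED)

def default_deny(prefix, allocated):
    """Allow only prefixes inside a block on the operator's allocation list."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(ipaddress.ip_network(block)) for block in allocated)

def compare(routes, allocated):
    """Return {prefix: (default_allow verdict, default_deny verdict)}."""
    return {r: (default_allow(r), default_deny(r, allocated)) for r in routes}

# Constructed sample data, not real registry contents or real announcements.
STALE_LIST = ["62.0.0.0/8", "193.0.0.0/8"]   # allocation list nobody has updated
FRESH_LIST = STALE_LIST + ["80.0.0.0/8"]     # same list after a new allocation
ROUTES = ["62.2.0.0/16",     # inside a listed block
          "10.1.0.0/16",     # RFC1918
          "80.10.0.0/16",    # inside the newly allocated block
          "62.2.3.128/26",   # longer than /25
          "1.2.0.0/16"]      # treated as unallocated in this sample

if __name__ == "__main__":
    for label, table in (("stale", STALE_LIST), ("fresh", FRESH_LIST)):
        print(f"-- default-deny with {label} allocation list")
        for prefix, (a, d) in compare(ROUTES, table).items():
            print(f"{prefix:18} default-allow={a!s:5} default-deny={d}")
```

With the stale list, 80.10.0.0/16 is dropped by the default-deny filter until someone updates it, while the default-allow filter accepts 1.2.0.0/16 even though the sample treats it as unallocated.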
