[nsp] 82/8 allocated to RIPE

[sthaug@nethelp.no]

> Is anything achieved by filtering unallocated? (Note I do not include
> permanently reserved blocks in this comment eg rfc1918, 127/8 etc)

Yes. You cut down significantly on the volume of DoS traffic using
forged sender addresses - because these are often picked randomly.

Whether such a reduction in DoS traffic volume is important enough
to keep filtering unallocated blocks is something you have to decide
for yourself. We have concluded it is worth the trouble.

(No, we can't use any kind of uRPF check for this, because it cuts
the possible number of routing entries in our 6509s to something
way too close to the current size of the global routing table.)

Steinar Haug, Nethelp consulting, sthaug@nethelp.no