[Main] [Communities] [sBH/erBH] [rtsdCoS] [Routing Policy] [Filtering Policy] [Peering Policy]


KPN LOGO
AS286 Filtering Policy

v20170802



Introduction

This document only applies to the KPN worldwide IP backbone AS286.

The hereby described filtering policy may be adjusted, altered and updated any time. And most likely it's already slightly modified ...

If you have any questions regarding filtering done by AS286, transit customers should contact our NOC and peers should contact as286-peering@kpn.com.

A list of communities used by AS286 and their meaning can be found here AS286-communities.html.

A general description on routing policies of AS286 can be found here AS286-routing-policy.html.




Martian and similar addresses

AS286 may filter packets with the following addresses in- and/or outbound with following addresses as source or destination (IPv6 pending):




Common used amplification type packets

AS286 may rate-limit packets commonly used for amplification attacks to a rate not impacting normal traffic, but reducing the impact for its customers, peers and its network during attacks. Further KPN may filter specific packets sourced or addressed to a specific address or network or packets matching certain patterns in case of ongoing attacks.




Anti-spoofing filters on access and single homed & single AS transit customers

AS286 may drop packets inbound on customer access ports, which are not sourced from the assigned address range and may filter out -on well-known single homed & single AS transit ports of customers- packets sourced from address space not announced / registered with an IRR for this AS.




Anti-spoofing filters for AS286 "own" addresses

AS286 may drop packets inbound, which have a source address out of AS286's "own" address range.