[Main] [Communities] [sBH/erBH] [rtsdCoS] [Routing Policy] [Filtering Policy] [Peering Policy]

AS286 Filtering Policy


Fading away ...

AS286/KPN International was taken over by AS3257/GTT in December 2019. AS286 will be integrated into / migrated to 3257 and fade away. Therefore some of the information found on these pages might be outdated / obsolete.


This document only applies to the KPN worldwide IP backbone AS286.

The hereby described filtering policy (filtering = dropping packets) may be adjusted, altered and updated any time. And most likely it's already slightly modified ...

If you have any questions regarding filtering done by AS286, transit customers should contact our NOC and peers should contact peering@as286.net.

A list of communities used by AS286 and their meaning can be found here AS286-communities.html.

A general description on routing policies of AS286 can be found here AS286-routing-policy.html.

Martian and similar addresses

AS286 may filter packets with the following addresses in- and/or outbound with following addresses as source or destination (IPv6 pending):

Common used amplification type packets

AS286 may rate-limit packets commonly used for amplification attacks to a rate not impacting normal traffic, but reducing the impact for its customers, peers and its network during attacks. Further KPN may filter specific packets sourced or addressed to a specific address or network or packets matching certain patterns in case of ongoing attacks.

Anti-spoofing filters on access and single homed & single AS transit customers

AS286 may drop packets inbound on customer access ports, which are not sourced from the assigned address range and may filter out -on well-known single homed & single AS transit ports of customers- packets sourced from address space not announced / registered with an IRR for this AS.

Anti-spoofing filters for AS286 "own" addresses

AS286 may drop packets inbound, which have a source address out of AS286's "own" address range.