SprintLink Point to Point IP Address Routing
What is Sprint's policy on routing the point-to-point network between Sprint and its customer?
A. SprintLink will not route the /30 IP networks that are used for point-to-point connections between a SprintLink router and the customer premise router. In other words, the point-to-point network will not be globally reachable from the Internet.
Why does Sprint have this policy?
A. The main reason Sprint has implemented this policy is to enhance security. Most Denial of Service (DoS) attacks launched against routers are based on the IP addresses obtained by tracerouting to the target. Since Sprint will no longer announce the addresses used for the router serial interface, this type of attack can be avoided. For example, if someone wanted to attack the router that acts as a default gateway for www.example.com, one could traceroute to www.example.com:
traceroute www.example.com
Tracing the route to www.example.com (10.200.200.200)
  1 router1.isp.net (10.10.15.217) [AS 65123] 0 msec 0 msec 0 msec
  2 router.abc.net (10.100.150.218) [AS 65140] 0 msec 0 msec 4 msec
  3 www.example.com (10.200.200.200) [AS 65140] 20 msec 20 msec 20 msec
The hop just before reaching the www.example.com network is 10.100.150.218, so the attack would target that address. This IP address is on the interface of the customer premise router (router.abc.net) that connects to the edge router on the provider's side (router1.isp.net). By not routing the IP addresses that connect the customer premise and edge routers, this attack can be prevented.
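The following Python audit is an added example, not Sprint's tooling or part of the original FAQ. It checks whether any traceroute hop that sits on a point-to-point link is still covered by an announced prefix. The link subnet 10.100.150.216/30 and both announced-prefix lists are constructed assumptions, and "covered by an announced prefix" is used here as a simplified stand-in for "globally reachable".

```python
import ipaddress
import re

# Hop lines from the traceroute shown above.
TRACE = """\
  1 router1.isp.net (10.10.15.217) [AS 65123] 0 msec 0 msec 0 msec
  2 router.abc.net (10.100.150.218) [AS 65140] 0 msec 0 msec 4 msec
  3 www.example.com (10.200.200.200) [AS 65140] 20 msec 20 msec 20 msec
"""

# Constructed assumptions: the /30 on the customer serial link, and the
# prefixes announced with and without that /30 being routed.
LINKS = [ipaddress.ip_network("10.100.150.216/30")]
ANNOUNCED_ROUTED = ["10.100.150.216/30", "10.200.200.0/24"]
ANNOUNCED_UNROUTED = ["10.200.200.0/24"]

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d+\.\d+\.\d+\.\d+)\)", re.M)


def parse_hops(text):
    """Return (hop number, hostname, address) for each hop line."""
    return [(int(n), name, ipaddress.ip_address(ip))
            for n, name, ip in HOP_RE.findall(text)]


def covering_prefix(addr, announced):
    """Longest announced prefix containing addr, or None if unannounced."""
    nets = [ipaddress.ip_network(p) for p in announced]
    matches = [net for net in nets if addr in net]
    return max(matches, key=lambda net: net.prefixlen, default=None)


def exposed_link_hops(text, links, announced):
    """Hops on a point-to-point link whose address is still announced."""
    findings = []
    for hop, name, addr in parse_hops(text):
        if not any(addr in link for link in links):
            continue  # not a point-to-point interface we are auditing
        prefix = covering_prefix(addr, announced)
        if prefix is not None:
            findings.append((hop, name, str(addr), str(prefix)))
    return findings


if __name__ == "__main__":
    for label, announced in (("routed", ANNOUNCED_ROUTED),
                             ("unrouted", ANNOUNCED_UNROUTED)):
        print(label, exposed_link_hops(TRACE, LINKS, announced))
```

With the /30 announced, hop 2 (router.abc.net) is reported as exposed; once the /30 is withdrawn, the same traceroute yields no findings because the interface address has no covering route.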
How can I get Sprint to route my point-to-point network (or stop if I previously requested it be routed)?
A. Existing customers, use Compass to request changes to how your /32 is routed. New customers, please request an Implementation engineer to route your serial IP address during circuit turn up.