Home page logo
/

nanog logo nanog mailing list archives

Re: Lazy Engineers and Viable Excuses
From: Leo Bicknell <bicknell () ufp org>
Date: Wed, 27 Aug 2003 09:36:02 -0400

In a message written on Wed, Aug 27, 2003 at 12:15:18AM -0400, John Payne wrote:
If this is true, then why do the european NAP mailing lists (which push IRR 
filtering) have an almost constant stream of "oops, our customer announced 
everything to us and we leaked it".

Because European naps have more smaller and clueless players.  I
know more than a few people (because they ask for peering) who have
an IRR entry that is 1 prefix for the "ISP", and 1 prefix for their
only BGP customer.  It should be of no surprise they get that
customer configured wrong.  It should also be of no surprise that
most of the real ISP's would never consider peering with those types
of networks.

Of course, those small and clueless players exist elsewhere, but in
general you don't see them connected to exchange points in other parts
of the world.

Filtering peers is not the way to go.  Filtering customers and "trusting" 
peers to do the same is.  (Whether that trust explictly mentioned in a 
peering agreement or whatever).

You're right, but you missed a part of that solution.  ISP's should
filter customers, and "trust" peers to do the same.  That also means
they need to qualify their peers in some way to insure they aren't
peering with someone who doesn't understand that.

Just a shame that not everyone filters their customers.  And although it 
has been a while, I know I've seen a route-leak from 6461 at AMS-IX.
(Probably last year sometime)

6461 filters all customers by prefix list.  Note too, filtering
customers does not eliminate route leaks, it just removes the most
obvious and often cause.

-- 
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request () tmbg org, www.tmbg.org

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault