Home page logo

nanog logo nanog mailing list archives

Re: Lazy Engineers and Viable Excuses
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Wed, 27 Aug 2003 19:16:50 +0100 (BST)

--On Wednesday, August 27, 2003 9:36 AM -0400 Leo Bicknell 
<bicknell () ufp org> wrote:

In a message written on Wed, Aug 27, 2003 at 12:15:18AM -0400, John Payne
If this is true, then why do the european NAP mailing lists (which push
IRR  filtering) have an almost constant stream of "oops, our customer
announced  everything to us and we leaked it".

Because European naps have more smaller and clueless players.  I
know more than a few people (because they ask for peering) who have
an IRR entry that is 1 prefix for the "ISP", and 1 prefix for their
only BGP customer.  It should be of no surprise they get that
customer configured wrong.  It should also be of no surprise that
most of the real ISP's would never consider peering with those types
of networks.

CAIS (or whatever they're called today - BtNAccess/PCCW) is a small and 
clueless player?  Then why is 6461 peering with 3491?

(yeah, that was a customer route leak in July.  I tend to just delete such 
emails, but I'd be surprised if there weren't more in August from ISPs that 
don't fit into "small and clueless")

there have been leaks by some large networks "tier1" if you like

you dont know what caused the route leaks tho..

eg modifying cisco route-maps and filters by deleting and re-adding opens a
small window of opportunity in which a lot of announcements get through, if your
CLI pauses during this window or something causes you to be disconnected its
instant route leak

i quote the above as i know of more than one occasion where this has occured to
bad consequences

you can think of others eg the filter building script has a bug in it etc etc

better to try and fail than to not try at all imho

Not everyone filters their customers, and saying that everyone that counts 
does doesn't make it so.

6461 filters all customers by prefix list.  Note too, filtering
customers does not eliminate route leaks, it just removes the most
obvious and often cause.

Really?  So how was I able to advertise a new netblock to one of your 
customers just now and see 6461 <their AS> <my AS> on 
route-views.oregon-ix.net within 2 minutes and without telling a soul what 

good question, however as an ex-customer I know MFN do filter.. perhaps you're 
announcing that many that your being filtered on as-path of prefix count? try 
announcing something naughty and see if it goes thro eg rfc1918 or the block 
with windowsupdate on .. that should increase your traffic volume ;p


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]