Home page logo

nanog logo nanog mailing list archives

Re: do not filter your customers
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Fri, 24 Feb 2012 16:07:28 -0500

On Fri, Feb 24, 2012 at 3:59 PM, Leo Bicknell <bicknell () ufp org> wrote:
In a message written on Fri, Feb 24, 2012 at 01:04:20PM -0700, Shane Amante wrote:
Solving for route leaks is /the/ "killer app" for BGPSEC.  I can't understand why people keep ignoring this.

Not all "leaks" are bad.

I remember when there was that undersea landside in Asia that took
out a bunch of undersea cables.  Various providers quickly did
mutual transit and other arrangements to route around the problem,
getting a number of things back up quite quickly.  These did not
match IRR records though, and likely would not have matached BGPSEC
information, at least not initially.

well.... for bgpsec so if the paths were signed, and origins signed,
why would they NOT pass BGPSEC muster?

I can see that if the IRR data didn't match up sanely
prefix-lists/filters would need some cajoling, but that likely
happened anyway in this case.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]