Home page logo
/

nanog logo nanog mailing list archives

Re: do not filter your customers
From: Dongting Yu <dongting.yu () cl cam ac uk>
Date: Sat, 25 Feb 2012 22:39:15 +0000

Let me chime in and attempt to explain why a couple of solutions I've
seen so far in this thread won't work:

- rate-limiting/throttling updates: BGP by protocol does not repeat
updates; if an update is sent then the sender assumes that the
receiver has received it and will remember it until a change or a
withdrawal. If you rate limit announcements, either you hold things
off in a buffer, which would need a very large buffer, or you drop
updates, which would lead to inconsistent views on the two sides of
the session. What if a legitimate update was among the large burst?

- max-prefix: it is currently used to prevent large bursts of updates
but it won't stop Youtube incident, which was more targeted. Perhaps
the YT incident falls into a different category from 'route leaks' but
without a clear definition of the latter we simply cannot say. Also,
max-prefix causes problems in slowly-increasing peers or peers with
new large customers and people not bothered to adjust the max-prefix
value accordingly.

- max-prefix in the form of a percentage: some peers actually are very
stable in the number of prefixes they announce, and some are not. Both
are probably valid depending on your business model/requirements. A x%
may be too lax for one company but too little for another. Figuring
the right number (or even a ballpark) is probably a lot harder than a
simple max-prefix value. I have seen ASes that announce hundreds to
tens of thousands of prefixes on a periodic basis. Percentages also
don't work so well for ASes with single-digit or low-double-digit
number of of prefixes.


Dongting


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault