nanog mailing list archives
Re: Route leak in Bangladesh
From: Nick Hilliard <nick () foobar org>
Date: Tue, 30 Jun 2015 16:04:35 +0100
On 30/06/2015 14:29, Mark Tinka wrote:
- Get your downstreams to create route objects before you turn them up.
- Get your provisioning teams to validate the prefixes being
provided by your downstreams.
- Use both prefix- and AS_PATH-based filters for your downstreams.
- Use BGP communities (as you've stated).
- No exceptions.
plus: - fully automate ingress prefix management - use maxprefixes with manual reenable on all ebgp sessions I've been caught with fully automated IRR based per-session prefix filtering where the customer put the IXP AS macro into their AS macro. When the customer did a 7007 on this, we accepted everything that they announced back to us, oy vey. So you need both. Nick
Current thread:
- Re: NTT->HE earlier today (~10am EDT), (continued)
- Re: NTT->HE earlier today (~10am EDT) Ca By (Jun 30)
- Re: NTT->HE earlier today (~10am EDT) Job Snijders (Jun 30)
- Re: NTT->HE earlier today (~10am EDT) Jared Mauch (Jun 30)
- Re: NTT->HE earlier today (~10am EDT) Job Snijders (Jun 30)
- Re: NTT->HE earlier today (~10am EDT) Randy Bush (Jun 30)
- Re: NTT->HE earlier today (~10am EDT) Job Snijders (Jun 30)
- Re: Route leak in Bangladesh Randy Bush (Jun 30)
- Re: Route leak in Bangladesh Matsuzaki Yoshinobu (Jun 30)
- Re: Route leak in Bangladesh Mark Tinka (Jun 30)
- Re: Route leak in Bangladesh Nick Hilliard (Jun 30)
- Re: Route leak in Bangladesh Job Snijders (Jun 30)
- Re: Route leak in Bangladesh Joe Abley (Jun 30)
- Re: Route leak in Bangladesh Job Snijders (Jun 30)
- Re: Route leak in Bangladesh Mark Tinka (Jun 30)
- Re: Route leak in Bangladesh Job Snijders (Jun 30)