RE: Clue's for Clue-less

["Martin, Christian" <CMartin () mercury balink com>]

I agree that core stability is of utmost importance, but by randomly and
somewhat unilaterally denying prefixes without verification of the
validity of their origin...Hmm, lets see...AS 1 sending the 4.0.0.0
netblock across a direct peering point, but it get's nicked because of
max-prefix, so it comes across through a multihomed downstream and all
of a sudden, sorry little multihomed downstream is carrying 200 Megs of
BBN transit.  Oops!  

I would think that the only thing that this command protects is routers
with slim memory profiles.  Core routers should let the BGP decision
process clean the routes, although I do get scared when 10,000 new
routes appear over the weekend.  After this weekends fiasco, I can see
your reasons, though.  Maybe RSNG is useful after all...

Chris


> -----Original Message-----
> From: Richard Irving [mailto:rirving () onecall net]
> Sent: Monday, October 26, 1998 4:27 PM
> To: Martin, Christian
> Cc: 'nanog () merit edu'
> Subject: Re: Clue's for Clue-less
>
>
> No proof one way, or the other, Martin....
>
>    The only neighbors I lost on this one, dumped something 
> they shouldn't..... If someone de-aggregates a /16,
> it fires off alarms.... Although these may be valid advertisements,
> We have opted for the "safe, rather than sorry" perspective.
> (Besides, the alarms *assure* prompt attention)
>
>    Running the internet requires a certain degree of Altruism.
> One should set policies that *protect* the core, rather than one's
> own....... ;)
>
>  Doing other than this will result in a global internet
> that is not reliable...And we all lose.
>
>    "The good of the many, outweigh the desires of the few"
>
> (No matter *how* expensive a tie they wear ;)
>
> PS: 11.2.xx and higher have this command... 
>
>
> Martin, Christian wrote:
> > Richard Irving Wrote:
> > > To "You Know Who You Are":
> > >
> > > Since some of the filtering policies on the core *seem* to
> > > not benefit the Internet as a whole... (or is that Hole ? ;)
> > >
> > >  May I suggest one that does:
> > >
> > >  neighbor WWW.XXX.YYY.ZZZ maximum-prefix XXXXX
> > >
> > >   It has a way of dropping "clue-nots"..... When
> > > they demonstrate said title.....
> > >
> > >  Your clueful attention appreciated.
> > >
> > > Signed,
> > >
> > >  One *URKED* Core Operator.
> >
> > What if it has a way of dropping big blocks?  From what I've seen n
> > sniffer traces, it depends on how the routes are stored in 
> the BGP table
> > that determines how they are advertised.  This may have the 
> effect of
> > sinking large, valid netblocks.  Unless you've seen otherwise...
> >
> > -Chris