nanog mailing list archives
RE: Clue's for Clue-less
From: "Martin, Christian" <CMartin () mercury balink com>
Date: Mon, 26 Oct 1998 18:00:57 -0500
somewhat unilaterally denying prefixes without verification of thevalidity of their origin...Hmm, lets see...AS 1 sending the 4.0.0.0 netblock across a direct peering point, but it get's nickedbecause ofmax-prefix, so it comes across through a multihomeddownstream and allof a sudden, sorry little multihomed downstream is carrying200 Megs ofBBN transit. Oops!So, why would a multi-homed *downstream* be sending you *upstream* routes .... Hrrrmmmmm ? ;)
Poor filtering practices. As filter-lists grow in size and complexity, and the AS lists grow, there is the potential for leaks. All it takes is for and inexperienced/tired/clueless operator to turn up a T1 session with a multihomed downstream peer, and neglect the filter-list on their inbound updates. Then, considering that any other peer that advertises an AS that is two hops away has the same preference configured all the way through, we're talking router ID here. The OC3 session that is prefered doesn't see the routes, but they are coming in from other places, including the T1. bgp always-compare-med can help, but not everyone uses it. This can be bad. What I would like to see, though, is where the cutoff point takes place. Is it on updates, or insertions into the table? If it were updates, this would be horrible. So if the table is being pruned, where is it starting?
Current thread:
- Clue's for Clue-less Richard Irving (Oct 26)
- <Possible follow-ups>
- RE: Clue's for Clue-less Martin, Christian (Oct 26)
- Re: Clue's for Clue-less Richard Irving (Oct 26)
- Message not available
- Message not available
- Message not available
- Re: Clue's for Clue-less Richard Irving (Oct 27)
- Re: Clue's for Clue-less Richard Irving (Oct 26)
- Re: Clue's for Clue-less Richard Irving (Oct 26)
- Re: Clue's for Clue-less Jim Jagielski (Oct 27)