RE: Route Leaks

["Bono, Vinny J (CORP, ITDG)" <VBono () comstor com>]

I hate to say it, but there are, uh, instances, where AS filtering would not
come close to being enough.  For example, if you had an IGP involved that
runs between two border routers, and the external table from one router
somehow gets redistributed into the IGP and then picked up by the other and
gets passed on, all the routes go out *without any previous AS path
information*.  

-The pain now surfaces-

Further, if you have one of these new fancy rotuing switches that
essentially runs a different routing process on each blade (gee, like the
BNx platforms from Bay used to do) you could (theoretically of course) have
a pair of such blades do what I described above all in one box!

The bottom line is that what happened last week end happened to us two years
ago, and to PSI the year before that.  This is not a new problem.  Unless
you are using the routing registries, which can get to be a royal pain in
the ass, we are all somewhat dependant on our fellow will filter their
outbound announcements appropriately.

-vb




> -----Original Message-----
> From: Sanjay Dani [mailto:sanjay () professionals com]
> Sent: Wednesday, October 28, 1998 2:57 AM
> To: vbono () comstor com
> Cc: nanog () merit edu
> Subject: Re: Route Leaks
>
>
>
> > I'd like to propose a simple solution to the class of route 
> leak we've
> > recently seen.
> > I'd like to encourage our peers to put a simple filter in 
> place.  If you
> > peer with AS
> > 3561, please do not accept any route with AS 3561 in the path from
> > either your
> > customers or your other peers.
>
> I feel almost silly to point out a simple solution, an extension
> of the above, to the smart crowd here. But doesn't every one
> at the very least filter routes from peers/customers to reject
> ASes 701, 3561, 1, 1239 et al. (unless of course the peer is
> one of them). Minimizes the damage right away. Of course, not
> as tight as using routing registries. Has saved us a few
> times.
>
> Now that is a positive side to the industry with a handful
> few huge, transit-free, players. Just watch the mergers
> and acquisitions news to stay current :-)
>
> -- 
> Regards,
> Sanjay.
>
> ---------------------------------------------------------------
> Web Professionals, Inc.                Direct:  +1 408-863-4850
> 20111 Stevens Creek Blvd, Suite 145    Biz/NOC: +1 408-863-4848
> Cupertino CA 95014 USA                 http://serverhosting.net
> ---------------------------------------------------------------
> -=- Data Center Server Hosting  Inside an Internet Exchange -=-