nanog mailing list archives
RE: No one behind the wheel at WorldCom
From: "Stephen J. Wilcox" <steve () opaltelecom co uk>
Date: Mon, 15 Jul 2002 19:34:07 +0100 (BST)
On Mon, 15 Jul 2002, Frank Scalzo wrote:
> The problem with doing that is you do not get fine grained control. You can only say only send me 50k routes, and things not from other peers. The really nifty part about prefix-limiting your peers is when they deaggregate toward you, you drop all your bgp sessions to them at once,

Your max prefixes should give wide enough margin and larger peers should be responsible to let you know of any large %-age increase in prefixes happening in one go.

> completely depeering. You still cannot prevent announcement of weird routes like 63/8. Do not be fooled into believing that just because a

63/8 I don't like but I can live with.. multiple 63.x.x.0/24 I can't

> network is big they know what they are doing. Some of the 63/8 announcements I have seen came by way of sprint. Let's step back and think about this on a security front, anyone with access to a tier 1 ISPs router can dos anyone in the internet, just by throwing in a null route for the block that is more specific than the one they have advertised. Granted not easily done, but just the same I like to be the only one who can break my network.

I thought someone would mention that.. the post before mine suggested there was no method of filtering, I suggested there was a way to improve greatly the restrictions without killing CPU. I still acknowledge that it's possible to break it by hacking BGP routes but something is better than nothing.

> Unfortunately Majdi is correct, we do not have sufficient functionality in today's routing software to fix the problem. Oh well I guess it has worked for this long.

I agree also, and can't fix but can offer improvement.

Steve

> -----Original Message-----
> From: Stephen J. Wilcox [mailto:steve () opaltelecom co uk]
> Sent: Monday, July 15, 2002 8:39 AM
> To: Majdi S. Abbas
> Cc: Frank Scalzo; nanog () merit edu
> Subject: Re: No one behind the wheel at WorldCom
>
> There are different types of filter though and I'd suggest they are suitable in different circumstances. eg
>
> small peer < 100 prefixes - build prefix filter list, as path list
> middle peer - either depending on requirement (eg cust, peer)
> large peer > 1000 prefixes - as path filter plus max prefix
>
> I'm not implementing the above so the numbers and suggestions are a little arbitrary but I'm making the point that you can filter smaller peers who are less experienced and more likely to give an error and for larger peers you have to be less granular but can still impose failsafes without increasing CPU.
>
> Steve
>
> On Mon, 15 Jul 2002, Majdi S. Abbas wrote:
>
> > On Mon, Jul 15, 2002 at 01:58:44AM -0400, Frank Scalzo wrote:
> > > See now we are back to the catch 22 that is IRR. No one will use it because the data isn't there, and no one will put the data into it because no one uses it.
> >
> > [CC: list trimmed]
> >
> > Actually, I think you'll find that bad data is only a small part of the problem; even with good data, there isn't enough support from various router vendors to make it worthwhile; it's effectively impossible to prefix filter a large peer due to router software restrictions.
> >
> > We need support for very large (256k+ to be safe) prefix filters, and the routing process performance to actually handle a prefix list this large, and not just one list, but many. IRR support for automagically building these prefix lists would be a real plus too. Building and then pushing out filters on another machine can be quite time consuming, especially for a large network.
> >
> > > I think the way to get IRR into the real world production realm, is to really drive home the issue w/IPV6.
> >
> > This still doesn't solve the scaling issue. This is no different than running your own RR, which many ISPs already do -- and they still have to exempt many of their peers. Typically, RR derived prefix filtering is something reserved for only their transit customers. If it were that easy, everyone (well, some people) would be doing it.
> >
> > --msa
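The tiered policy Steve sketches in the quoted message (an explicit prefix-list for small peers, an AS-path origin filter plus max-prefix for large ones) and the two failure modes Frank raises (a peer deaggregating in one go, and a more-specific announced for a block someone else originates) can be illustrated with a small policy checker. The following is an added example written for this archive page; it is not code from the thread, from NANOG, or from any router vendor. Peer names, ASNs and prefixes are constructed sample values, and the 50% growth threshold is an assumption, not a number from the discussion.

```python
# Added example: a tiered BGP peer-policy checker. Not from the NANOG thread;
# all peers, ASNs and prefixes below are constructed sample values.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PeerPolicy:
    name: str
    max_prefix: int                   # hard limit: above this the session is dropped
    warn_growth: float = 0.5          # assumed: warn if the count grows >50% in one go
    max_prefix_len: int = 24          # accept nothing longer than a /24 from a peer
    prefix_list: list = field(default_factory=list)  # small peers: explicit networks
    origin_asns: set = field(default_factory=set)    # large peers: permitted origin ASes
    own_blocks: list = field(default_factory=list)   # blocks we originate ourselves


@dataclass
class Announcement:
    prefix: str
    as_path: tuple  # leftmost = neighbour AS, rightmost = origin AS


def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def small_peer(name, max_prefix, prefixes, own_blocks=()):
    """Peer with < 100 routes: an explicit prefix-list is cheap, so use one."""
    return PeerPolicy(name, max_prefix, prefix_list=_nets(prefixes),
                      own_blocks=_nets(own_blocks))


def large_peer(name, max_prefix, origin_asns, own_blocks=()):
    """Peer with > 1000 routes: AS-path origin filter plus max-prefix only,
    which keeps the per-prefix filter work (and router CPU) small."""
    return PeerPolicy(name, max_prefix, origin_asns=set(origin_asns),
                      own_blocks=_nets(own_blocks))


def check_prefix(policy, ann):
    """Return None if the announcement passes, else a short rejection reason."""
    try:
        net = ipaddress.ip_network(ann.prefix, strict=True)
    except ValueError:
        return "malformed prefix"
    # A peer has no business announcing our own block or anything inside it;
    # this is the more-specific route scenario Frank describes.
    if any(net.subnet_of(b) for b in policy.own_blocks):
        return "inside a block we originate"
    if net.prefixlen > policy.max_prefix_len:
        return "longer than /%d" % policy.max_prefix_len
    if policy.prefix_list and not any(net.subnet_of(p) for p in policy.prefix_list):
        return "not in prefix-list"
    if policy.origin_asns and ann.as_path[-1] not in policy.origin_asns:
        return "origin AS%d not permitted" % ann.as_path[-1]
    return None


def evaluate_session(policy, announcements, previous_count=0):
    """Apply the policy to a full table received from one peer.

    Exceeding max_prefix drops every route (the session goes down), which is
    the coarse, all-or-nothing behaviour the thread complains about; the
    growth warning is the softer signal for a deaggregation event."""
    result = {"session": "up", "accepted": [], "rejected": {}, "warnings": []}
    if len(announcements) > policy.max_prefix:
        result["session"] = "down (max-prefix %d exceeded)" % policy.max_prefix
        result["rejected"] = {a.prefix: "session torn down" for a in announcements}
        return result
    if previous_count and len(announcements) > previous_count * (1 + policy.warn_growth):
        result["warnings"].append("prefix count jumped from %d to %d"
                                  % (previous_count, len(announcements)))
    for ann in announcements:
        reason = check_prefix(policy, ann)
        if reason is None:
            result["accepted"].append(ann.prefix)
        else:
            result["rejected"][ann.prefix] = reason
    return result


# Constructed sample data: we originate 198.51.0.0/16; the small peer should
# send only 203.0.113.0/24; the large peer may originate from AS64500/AS64501.
OUR_BLOCKS = ["198.51.0.0/16"]
SMALL = small_peer("small-peer", 100, ["203.0.113.0/24"], OUR_BLOCKS)
LARGE = large_peer("large-peer", 1000, {64500, 64501}, OUR_BLOCKS)

SMALL_TABLE = [
    Announcement("203.0.113.0/24", (64496,)),    # expected route
    Announcement("203.0.113.0/25", (64496,)),    # too long
    Announcement("198.51.100.0/24", (64496,)),   # more-specific of our /16
    Announcement("192.0.2.0/24", (64496,)),      # not on the list
]
LARGE_TABLE = [
    Announcement("192.0.2.0/24", (64500,)),          # permitted origin
    Announcement("192.0.2.0/23", (64500, 64999)),    # unknown origin AS
    Announcement("198.51.0.0/16", (64500, 64501)),   # our exact block via a peer
]

if __name__ == "__main__":
    for policy, table in ((SMALL, SMALL_TABLE), (LARGE, LARGE_TABLE)):
        print(policy.name, evaluate_session(policy, table, previous_count=1))
```

The checks run in the order a defender cares about: anything inside a block we originate is refused regardless of the peer's size, then prefix length, then the per-peer list or origin filter. The max-prefix limit is deliberately kept as a session-level action so the example shows why Frank finds it too blunt, while the growth warning gives the notice Steve asks larger peers for without tearing anything down.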