nanog mailing list archives
Re: do not filter your customers
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Thu, 23 Feb 2012 10:49:53 -0500
On Thu, Feb 23, 2012 at 1:57 AM, Randy Bush <randy () psg com> wrote:
and things when further downhill from there, when telstra also did not filter what they announced to their peers, and the peers went over prefix limits and dropped bgp.Oh! so protections worked!imiho, prefix count is too big a hammer.
sure. aspath-filter! :)
it would have been better if optus had irr-based filters in place on peerings with telstra. then they would not have dropped the sessions and their customers could still reach telstra customers.
really, both parties need/should-have filters, right? both parties should have their 'irr data' up-to-date... both parties should also filter outbound prefixes (so they don't leak internals, or ...etc) telstra seems to have ~8880 or so prefixes registered in IRRs (via radb whois lookup) optus has ~1217 or so prefixes registered in IRRs (again via the same lookup to radb)
of course, if telstra did not publish accurately in an irr instance, not much optus could do.
it's not clear how accurate the data is :( I do see one example that's not telstra (and which I don't see through telstra from one host I tested from) 203.59.57.0/24 a REACH customer, supposedly, registered by REACH on the behalf of the customer... the whole /16 there is allocated to the same entity not REACH though, so that's a tad confusing. -chris
Current thread:
- do not filter your customers Randy Bush (Feb 22)
- RE: do not filter your customers Christian Nielsen (Feb 22)
- Re: do not filter your customers Randy Bush (Feb 22)
- Re: do not filter your customers Christopher Morrow (Feb 22)
- Re: do not filter your customers Randy Bush (Feb 22)
- Re: do not filter your customers Peter Ehiwe (Feb 22)
- Re: do not filter your customers Anurag Bhatia (Feb 23)
- Re: do not filter your customers Christopher Morrow (Feb 23)
- Re: do not filter your customers Randy Bush (Feb 22)
- Re: do not filter your customers Danny McPherson (Feb 23)
- Re: do not filter your customers Randy Bush (Feb 23)
- Re: do not filter your customers Danny McPherson (Feb 24)
- Re: do not filter your customers Steven Bellovin (Feb 24)
- Re: do not filter your customers goemon (Feb 24)
- Re: do not filter your customers Joe Maimon (Feb 24)
- RE: do not filter your customers Christian Nielsen (Feb 22)
- Re: do not filter your customers Danny McPherson (Feb 24)
- Re: do not filter your customers Christopher Morrow (Feb 24)
- Re: do not filter your customers Danny McPherson (Feb 24)
- Re: do not filter your customers Richard Barnes (Feb 24)