nanog mailing list archives
Re: Route leak in Bangladesh
From: Nick Hilliard <nick () foobar org>
Date: Wed, 1 Jul 2015 16:11:13 +0100
On 01/07/2015 16:02, Mark Tinka wrote:
Honestly, I'm ambivalent about using the IRR data for prefix-list generation (even without RPSL), also because of how much junk there is in there, and also how redundant some of it really is, e.g., someone creating a /32 (IPv4) route object and yet we only accept up to a /24 (IPv4) on the actual eBGP session, e.t.c.
We went through this a couple of years ago at INEX and ended up with a provisioning system which allows the operator to only allow specific IRRDB source: entries, customisable per customer. You're right that it would be foolish to accept any IRRDB source because a lot of them are complete trash. Otherwise, it works incredibly well for us and has stopped innumerable prefix leaks and other silly misconfigs. The source code is available on github.com/inex. Lots of IXPs use it in production. Nick
Current thread:
- Re: Route leak in Bangladesh Mark Tinka (Jun 30)
- <Possible follow-ups>
- Re: Route leak in Bangladesh Mark Tinka (Jun 30)
- Re: Route leak in Bangladesh Mark Tinka (Jun 30)
- Re: Route leak in Bangladesh Jared Mauch (Jul 01)
- Re: Route leak in Bangladesh Mark Tinka (Jul 01)
- Re: Route leak in Bangladesh Nick Hilliard (Jul 01)
- Re: Route leak in Bangladesh Mark Tinka (Jul 01)
- Re: Route leak in Bangladesh Nick Hilliard (Jul 01)
- Re: Route leak in Bangladesh Mike Hammett (Jul 01)
- Re: Route leak in Bangladesh Mark Tinka (Jul 01)
- Re: Route leak in Bangladesh Hugo Slabbert (Jul 02)
- Re: Route leak in Bangladesh Mark Tinka (Jul 02)
- Re: Route leak in Bangladesh Jared Mauch (Jul 01)
- Re: Route leak in Bangladesh Jared Mauch (Jul 01)
- Re: Route leak in Bangladesh Joe Abley (Jul 01)
- Re: Route leak in Bangladesh Nick Hilliard (Jul 01)
- Re: Route leak in Bangladesh Nick Hilliard (Jul 01)
- Re: Route leak in Bangladesh Mark Tinka (Jul 01)
- Re: Route leak in Bangladesh Nick Hilliard (Jul 01)