nanog mailing list archives

Re: Route leak in Bangladesh


From: Mike Hammett <nanog () ics-il net>
Date: Wed, 1 Jul 2015 10:53:42 -0500 (CDT)

That they do. Thanks for a great system, BTW! 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



Midwest Internet Exchange 
http://www.midwest-ix.com 


----- Original Message -----

From: "Nick Hilliard" <nick () foobar org> 
To: "Mark Tinka" <mark.tinka () seacom mu>, "Jared Mauch" <jared () puck Nether net> 
Cc: "North American Network Operators' Group" <nanog () nanog org> 
Sent: Wednesday, July 1, 2015 10:11:13 AM 
Subject: Re: Route leak in Bangladesh 

On 01/07/2015 16:02, Mark Tinka wrote: 
Honestly, I'm ambivalent about using the IRR data for prefix-list 
generation (even without RPSL), also because of how much junk there is 
in there, and also how redundant some of it really is, e.g., someone 
creating a /32 (IPv4) route object and yet we only accept up to a /24 
(IPv4) on the actual eBGP session, e.t.c. 

We went through this a couple of years ago at INEX and ended up with a 
provisioning system which allows the operator to only allow specific IRRDB 
source: entries, customisable per customer. You're right that it would be 
foolish to accept any IRRDB source because a lot of them are complete trash. 

Otherwise, it works incredibly well for us and has stopped innumerable 
prefix leaks and other silly misconfigs. 

The source code is available on github.com/inex. Lots of IXPs use it in 
production. 

Nick 



Current thread: