nanog mailing list archives
Re: intra-AS messaging for route leak prevention
From: Mark Tinka <mark.tinka () seacom mu>
Date: Fri, 10 Jun 2016 19:02:50 +0200
On 10/Jun/16 10:50, Job Snijders wrote:
I second this. One of NTT's design principles is to be very strict in what we accept (e.g. "postel was wrong") at the ingress point. At the ingress point the route announcement is weighted, judged, categorized & tagged. This decides 99% of what happens next: the egress points are merely executing what was "decided" at ingress (but exceptions are possible).
Agree. We do the same.
You say 'often', but I don't recognise that design pattern from my own experience. A weakness with the egress point (in context of route leak prevention) is that if you are filtering there, its already too late. If you are trying to prevent route leaks on egress, you have already accepted the leaked routes somewhere, and those leaked routes are best path somewhere in your network, which means you've lost.
Agree. We don't do any AS_PATH filtering on egress. The only AS_PATH-anything we do on border routers is signal customer-initiated prepends via BGP communities. Those prepends are done at the border routers carrying the interested transit network. Otherwise, all egress filtering is based on BGP communities + general "no longer then /24, /48" rule as a fail-safe. Mark.
Current thread:
- intra-AS messaging for route leak prevention Sriram, Kotikalapudi (Fed) (Jun 06)
- Re: intra-AS messaging for route leak prevention Job Snijders (Jun 06)
- Re: intra-AS messaging for route leak prevention Joe Provo (Jun 06)
- Re: intra-AS messaging for route leak prevention Mark Tinka (Jun 06)
- Re: intra-AS messaging for route leak prevention Sriram, Kotikalapudi (Fed) (Jun 08)
- Re: intra-AS messaging for route leak prevention Joe Provo (Jun 08)
- Re: intra-AS messaging for route leak prevention Mark Tinka (Jun 08)
- Re: intra-AS messaging for route leak prevention Sriram, Kotikalapudi (Fed) (Jun 09)
- Re: intra-AS messaging for route leak prevention Job Snijders (Jun 10)
- Re: intra-AS messaging for route leak prevention Mark Tinka (Jun 10)
- Re: intra-AS messaging for route leak prevention Leo Bicknell (Jun 10)
- Re: intra-AS messaging for route leak prevention Mark Tinka (Jun 10)
- Re: intra-AS messaging for route leak prevention Joe Provo (Jun 11)
- Re: intra-AS messaging for route leak prevention Job Snijders (Jun 06)
- Re: intra-AS messaging for route leak prevention Christopher Morrow (Jun 10)
- Re: intra-AS messaging for route leak prevention Mark Tinka (Jun 10)
- Re: intra-AS messaging for route leak prevention Christopher Morrow (Jun 10)
- Re: intra-AS messaging for route leak prevention Mark Tinka (Jun 10)
- Re: intra-AS messaging for route leak prevention Christopher Morrow (Jun 10)
- Re: intra-AS messaging for route leak prevention Hugo Slabbert (Jun 10)
- Re: intra-AS messaging for route leak prevention Mark Tinka (Jun 10)