nanog mailing list archives
Re: AT&T/as7018 now drops invalid prefixes from peers
From: Matthew Walster <matthew () walster org>
Date: Tue, 12 Feb 2019 15:50:53 +0100
On Tue, 12 Feb 2019, 01:52 Jay Borkenhagen <jayb () braeburn org> wrote:

> ... but there is one place where I disagree with Niels. He advised against lowering the local-pref of invalid routes. I agree that this should not be anyone's target policy, but it is a useful step along the way.

For initial deployment, this can seem attractive, but remember that one of the benefits an ROA gives is specifying the maximum prefix length. This means that someone can't hijack a /23 with a /24. Lowering local pref on invalid means you're no longer protected (just generating alerts) because longer prefix length always beats local preference. Once you are confident that you're not dropping anything valuable, the local preference rule should move to dropping the route (not the traffic!) from being installed.

M
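The point in the message above, as an added example that is not part of the original post: a small Python model of RFC 6811 origin validation and longest-prefix-match forwarding, comparing a "lower local-pref on invalid" import policy with a "drop invalid" one. The prefixes, AS numbers, local-pref values and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    origin: int
    local_pref: int = 100

def rov_state(route, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        if route.prefix.subnet_of(roa_prefix):
            covered = True  # at least one ROA covers this announcement
            if route.origin == roa_asn and route.prefix.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"

def build_rib(routes, roas, policy):
    """Import policy for invalid routes: 'depref' (lower local-pref) or 'drop'."""
    rib = []
    for r in routes:
        if rov_state(r, roas) == "invalid":
            if policy == "drop":
                continue  # the route is never installed
            r = Route(r.prefix, r.origin, local_pref=10)
        rib.append(r)
    return rib

def forward(dst, rib):
    """Longest prefix wins; local-pref only breaks ties for the same prefix."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in rib if addr in r.prefix]
    return max(matches, key=lambda r: (r.prefix.prefixlen, r.local_pref), default=None)

# Constructed sample data: one ROA (prefix, maxLength, origin AS) and two announcements.
ROAS = [(ipaddress.ip_network("10.10.0.0/23"), 23, 64500)]
ROUTES = [
    Route(ipaddress.ip_network("10.10.0.0/23"), 64500),  # ROA holder's announcement
    Route(ipaddress.ip_network("10.10.0.0/24"), 64511),  # more-specific, ROV-invalid
]

def origin_for(dst, policy):
    best = forward(dst, build_rib(ROUTES, ROAS, policy))
    return best.origin if best else None

if __name__ == "__main__":
    for policy in ("depref", "drop"):
        print(policy, origin_for("10.10.0.5", policy), origin_for("10.10.1.5", policy))
```

With `depref`, traffic for the lower /24 still follows the invalid more-specific route despite its lower local-pref; only `drop` leaves the covering /23 as the match.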