nanog mailing list archives

Re: BGP prefix filter list


From: Blake Hudson <blake () ispn net>
Date: Mon, 20 May 2019 10:35:23 -0500

Gracias Alejandro, I had never considered anti-hijack, anti-DoS, or RTBH advertisements in this equation. Another knock against filtering based on prefix size is that it may not have the intended outcome on some platforms. As I recall reading about one vendor's platform (the ASR9k perhaps?) and its TCAM organization process, it stored /32 routes in a dedicated area for faster lookups and did the same for /24 routes. If one were to remove just the /24 routes from their RIB, the result would free up space in the storage area dedicated for /24's, but would consequently put more pressure on the areas reserved for prefixes between /0 and /23 as covering routes are installed into FIB. The result of removing /24's from the RIB on this platform would, unintuitively, put the user in a worse position with regard to TCAM utilization - not a better one.

If one is going to filter routes from his or her router's RIB, doing so based on subnet size seems to be a poor way. Doing so based on AS depth (your second solution) has fewer disadvantages in my opinion. As others have mentioned, there are even more intelligent ways of filtering but they rely on outside knowledge like cost, bandwidth, delay, or the importance to your customers of reaching a given destination - stuff not normally known to BGP.

Alejandro Acosta wrote on 5/18/2019 10:35 AM:
Hello,

   As a comment, after receiving several complaints and after looking at many cases, we evaluated what is better: to cut the table size by filtering "big" networks or "small" networks.  Of course this is a difficult scenario and I guess there is mixed thinking about this; however, we concluded that the people (networks) that are least affected are those who learn small network prefixes (such as /24, /23, /22, /21 in the v4 world).

  If you learn, let's say, up to /22 (v4), and someone hijacks a /21, you will learn the legitimate prefix and the hijacked prefix. Now, the owner of the legitimate prefix wants to defend their routes by announcing a /23 or /24; of course those prefixes won't be learnt if they are filtered.

  We published this some time ago (sorry, in Spanish): http://w4.labs.lacnic.net/site/BGP-network-size-filters


That's it, my two cents.


Alejandro,



On 5/15/19 7:43 AM, Baldur Norddahl wrote:
Hello

This morning we apparently had a problem with our routers not handling the full table. So I am looking into culling the least useful prefixes from our tables. I can hardly be the first one to take on that kind of project, and I am wondering if there is a ready made prefix list or similar?

Or maybe we have a list of worst offenders? I am looking for ASN that announces a lot of unnecessary /24 prefixes and which happens to be far away from us? I would filter those to something like /20 and then just have a default route to catch all.

Thanks,

Baldur
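To make the trade-off in this thread concrete, here is a small simulation, added to this archive page and not written by any of the posters. It models a RIB with a constructed set of routes (all prefixes, AS numbers and paths are made up; the ASNs are from the documentation range plus 64666 as a stand-in hijacker) and applies the two inbound policies discussed: reject anything longer than /22 (Alejandro's scenario), or reject anything with an AS path deeper than a limit (Blake's "AS depth" alternative), with a default route catching whatever is filtered, as Baldur proposed. Only the shortest-AS-path step of BGP best-path selection is modelled; the point is to show which origin AS ends up receiving traffic for an address under each policy.

```python
"""
Constructed example (not from the thread): a toy RIB/FIB simulation showing
why filtering on prefix length (drop anything longer than /22) removes the
owner's anti-hijack more-specifics, while filtering on AS-path depth keeps
them and instead drops distant /24s that a default route can cover.
All prefixes, AS numbers and paths below are made up.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_path: tuple  # leftmost = neighbour AS, rightmost = origin AS


def R(prefix, *as_path):
    return Route(ipaddress.ip_network(prefix), tuple(as_path))


# Constructed RIB: what our routers would learn from upstreams.
RIB = [
    R("0.0.0.0/0", 64500),                                    # default route from upstream AS64500
    R("203.0.112.0/21", 64500, 64502, 64496),                 # legitimate aggregate, 3 AS hops
    R("203.0.112.0/21", 64501, 64666),                        # hijack of the same /21, only 2 hops
    R("203.0.113.0/24", 64500, 64502, 64496),                 # owner's defensive more-specific
    R("198.51.100.0/24", 64500, 64503, 64504, 64505, 64506),  # distant /24, 5 hops away
]


def max_prefix_len(limit):
    """Policy discussed in the thread: reject anything longer than /limit."""
    return lambda r: r.prefix.prefixlen <= limit


def max_as_depth(limit):
    """Alternative policy: reject routes whose AS path is deeper than limit."""
    return lambda r: len(r.as_path) <= limit


def best_paths(rib, accept):
    """Apply the inbound filter, then keep one best route per prefix.
    Only the shortest-AS-path step of best-path selection is modelled."""
    best = {}
    for r in rib:
        if not accept(r):
            continue
        cur = best.get(r.prefix)
        if cur is None or len(r.as_path) < len(cur.as_path):
            best[r.prefix] = r
    return best


def lookup(fib, addr):
    """Longest-prefix match: the route that forwards traffic for addr."""
    ip = ipaddress.ip_address(addr)
    candidates = [r for p, r in fib.items() if ip in p]
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def origin_for(addr, accept):
    """(matched prefix, origin AS) for addr under the given inbound policy."""
    r = lookup(best_paths(RIB, accept), addr)
    return str(r.prefix), r.as_path[-1]


if __name__ == "__main__":
    for name, policy in [("accept up to /22", max_prefix_len(22)),
                         ("accept AS depth <= 4", max_as_depth(4))]:
        print(name)
        for dst in ("203.0.113.5", "198.51.100.9"):
            pfx, origin = origin_for(dst, policy)
            print(f"  {dst:>13} -> {pfx:<18} origin AS{origin}")
```

With the prefix-length policy the owner's /24 is dropped, the two /21s compete on path length, and the hijacker's shorter path wins for 203.0.113.5. With the AS-depth policy the /24 survives and longest-match sends that traffic back to the legitimate origin, while the distant 198.51.100.0/24 is the route that gets dropped and falls through to the default.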


