nanog mailing list archives
Re: BGP prefix filter list
From: Ross Tajvar <ross () tajvar io>
Date: Wed, 22 May 2019 14:23:20 -0400
In that case shouldn't each company advertise a /21? On Wed, May 22, 2019, 1:11 PM Sabri Berisha <sabri () cluecentral net> wrote:
Hi, One legitimate reason is the split of companies. In some cases, IP space needs to be divided up. For example, company A splits up in AA and AB, and has a /20. Company AA may advertise the /20, while the new AB may advertise the top or bottom /21. I know of at least one worldwide e-commerce company that is in that situation. Thanks, Sabri ----- On May 22, 2019, at 9:40 AM, Tom Beecher <beecher () beecher cc> wrote: There are sometimes legitimate reasons to have a covering aggregate with some more specific announcements. Certainly there's a lot of cleanup that many should do in this area, but it might not be the best approach to this issue. On Tue, May 21, 2019 at 5:30 AM Alejandro Acosta < alejandroacostaalamo () gmail com> wrote:On 5/20/19 7:26 PM, John Kristoff wrote:On Mon, 20 May 2019 23:09:02 +0000 Seth Mattinen <sethm () rollernet us> wrote:A good start would be killing any /24 announcement where a covering aggregate exists.I wouldn't do this as a general rule. If an attacker knows networks are 1) not pointing default, 2) dropping /24's, 3) not validating the aggregates, and 4) no actual legitimate aggregate exists, (all reasonable assumptions so far for many /24's), then they have a pretty good opportunity to capture that traffic.+1 John Seth approach could be an option _only_ if prefix has an aggregate exists && as origin are the sameJohn
Current thread:
- Re: BGP prefix filter list, (continued)
- Re: BGP prefix filter list i3D . net - Martijn Schmidt (May 20)
- Re: BGP prefix filter list Seth Mattinen (May 20)
- Re: BGP prefix filter list William Herrin (May 20)
- Message not available
- Re: BGP prefix filter list John Kristoff (May 20)
- Re: BGP prefix filter list Seth Mattinen (May 20)
- Re: BGP prefix filter list Ca By (May 20)
- Re: BGP prefix filter list Alejandro Acosta (May 21)
- Re: BGP prefix filter list Tom Beecher (May 22)
- Re: BGP prefix filter list Alejandro Acosta (May 22)
- Re: BGP prefix filter list Sabri Berisha (May 22)
- Re: BGP prefix filter list Ross Tajvar (May 22)
- Re: BGP prefix filter list Sabri Berisha (May 24)
- Re: BGP prefix filter list Mike Hammett (May 24)
- Re: BGP prefix filter list William Herrin (May 24)
- Re: BGP prefix filter list Blake Hudson (May 24)
- Re: BGP prefix filter list William Herrin (May 24)
- Re: BGP prefix filter list James Jun (May 25)
- Re: BGP prefix filter list Robert Blayzor (May 30)
- Re: BGP prefix filter list William Herrin (May 30)
- Re: BGP prefix filter list Mel Beckman (May 30)
- Re: BGP prefix filter list William Herrin (May 30)