nanog mailing list archives
Re: BGP prefix filter list
From: Mike Hammett <nanog () ics-il net>
Date: Fri, 24 May 2019 12:28:42 -0500 (CDT)
If networks are going to make unconventional announcements, I'm not concerned if they suffer because of it.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message -----
From: "Sabri Berisha" <sabri () cluecentral net>
To: "Ross Tajvar" <ross () tajvar io>
Cc: "nanog" <nanog () nanog org>
Sent: Friday, May 24, 2019 12:03:52 PM
Subject: Re: BGP prefix filter list

Hi,

They can, but they don't necessarily have to. In the example I mentioned, there was a private peering between them. Well, until very recently.

My point being that it's not always black and white, and sometimes deaggregation is necessary for operational purposes. That's not to excuse lazy operators of course.

Thanks,

Sabri

----- On May 22, 2019, at 11:23 AM, Ross Tajvar <ross () tajvar io> wrote:

In that case shouldn't each company advertise a /21?

On Wed, May 22, 2019, 1:11 PM Sabri Berisha < sabri () cluecentral net > wrote:

<blockquote>
Hi,

One legitimate reason is the split of companies. In some cases, IP space needs to be divided up. For example, company A splits up in AA and AB, and has a /20. Company AA may advertise the /20, while the new AB may advertise the top or bottom /21. I know of at least one worldwide e-commerce company that is in that situation.

Thanks,

Sabri

----- On May 22, 2019, at 9:40 AM, Tom Beecher <beecher () beecher cc> wrote:

<blockquote>
There are sometimes legitimate reasons to have a covering aggregate with some more specific announcements. Certainly there's a lot of cleanup that many should do in this area, but it might not be the best approach to this issue.

On Tue, May 21, 2019 at 5:30 AM Alejandro Acosta < alejandroacostaalamo () gmail com > wrote:

<blockquote>
On 5/20/19 7:26 PM, John Kristoff wrote:

> On Mon, 20 May 2019 23:09:02 +0000 Seth Mattinen < sethm () rollernet us > wrote:
>
> > A good start would be killing any /24 announcement where a covering aggregate exists.
>
> I wouldn't do this as a general rule. If an attacker knows networks are 1) not pointing default, 2) dropping /24's, 3) not validating the aggregates, and 4) no actual legitimate aggregate exists, (all reasonable assumptions so far for many /24's), then they have a pretty good opportunity to capture that traffic.

+1 John

Seth approach could be an option _only_ if prefix has an aggregate exists && as origin are the same

> John
</blockquote>
</blockquote>
</blockquote>
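
Added example (not part of any message in this thread): Python that applies the rule discussed above, marking a /24 for filtering only when the table holds a covering aggregate with the same origin AS, and keeping it otherwise. The function name, sample prefixes and AS numbers are constructed for illustration; the check looks only at the table it is given and does not validate that the aggregate itself is legitimate.

```python
import ipaddress

# Constructed sample table of (prefix, origin AS): private address space and
# private-use AS numbers only, not real routing data.
SAMPLE_ROUTES = [
    ("10.10.0.0/20", 64500),  # company AA keeps announcing the /20
    ("10.10.8.0/21", 64501),  # company AB announces the top /21 after the split
    ("10.10.1.0/24", 64500),  # /24 under AA's /20, same origin
    ("10.10.9.0/24", 64501),  # /24 under AB's /21, same origin
    ("10.10.2.0/24", 64511),  # /24 under the /20, different origin
    ("10.20.5.0/24", 64502),  # /24 with no covering aggregate in the table
]


def classify_more_specifics(routes, specific_len=24):
    """Split routes into (drop, keep) lists.

    A route is a drop candidate only if it is exactly `specific_len` long and
    a shorter prefix in the same table covers it with the same origin AS.
    Everything else is kept, including /24s whose only cover has a different
    origin and /24s with no cover at all.
    """
    parsed = [(ipaddress.ip_network(p), asn) for p, asn in routes]
    aggregates = [(n, a) for n, a in parsed if n.prefixlen < specific_len]
    drop, keep = [], []
    for net, asn in parsed:
        same_origin_cover = net.prefixlen == specific_len and any(
            agg.version == net.version and a == asn and net.subnet_of(agg)
            for agg, a in aggregates
        )
        (drop if same_origin_cover else keep).append((str(net), asn))
    return drop, keep


if __name__ == "__main__":
    drop, keep = classify_more_specifics(SAMPLE_ROUTES)
    for prefix, asn in drop:
        print(f"drop candidate: {prefix} AS{asn}")
    for prefix, asn in keep:
        print(f"keep:           {prefix} AS{asn}")
```
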