nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BGP route hijack by AS10990

From: Mark Tinka <mark.tinka () seacom com>
Date: Sat, 1 Aug 2020 22:31:47 +0200


On 1/Aug/20 20:14, Hank Nussbacher wrote:


AS  level filtering is easy.  IP prefix level filtering is hard. 
Especially when you are in the top 200:

https://asrank.caida.org/



Doesn't immediately make sense to me why prefix filtering is hard.




That being said, and due to these BGP "polluters" constantly doing the
same thing, wouldn't an easy fix be to use the max-prefix/prefix-limit
option:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/25160-bgp-maximum-prefix.html

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/prefix-limit-edit-protocols-bgp.html


For every BGP peer,  the ISP determines what the current max-prefix
currently is.  Then add in 2% and set the max-prefix. 

An errant BGP polluter would then only have limited damage to the
Internet routing table.

Not the greatest solution, but easy to implement via a one line change
on every BGP peer.



It's about combining multiple solutions to ensure several catch-points.
AS_PATH filtering, prefix filtering and max-prefix.




Smaller ISPs can easily do it on their 10 BGP peers so as to limit
damage as to what they will hear from their neighbors.



All ISP's should do this. All ISP's can.

Mark.
Previous By Date Next
Previous By Thread Next

Current thread: