nanog mailing list archives
BGP filtering (was Re: AS8584 taking over the internet)
From: "John A. Tamplin" <jat () traveller com>
Date: Fri, 10 Apr 1998 13:32:11 -0500 (CDT)
On Thu, 9 Apr 1998, Jason L. Weisberger wrote:
Having strong filters on what routes you will and will not accept from your downstreams is important - so Joe Terrorist or Joe Halfaclue can't screw up and cause you trouble. Generally if the people doing the bulk of the route trading are managing things well this shouldn't be a problem and we'll all continue to live with the possibility that we'll be woken up in the middle of the night for minor and friendly glitches.
I agree that filters are useful. However, I think it is missing half of the problem if you simply assume that moving the configuration problem into the filters doesn't still remain a problem. For example, recently we added a new transit customer, and asked UUNet (who we have been very happy with despite this incident) to add their aggregates to their prefix filters for us. They did so, but a couple of weeks later we cleared the BGP session to make changes in our inbound route policy, and noticed we were getting almost no inbound traffic from them. Checking at the various looking glasses, it was obvious that UUNet was only accepting routes from us for this new transit customer (ie, they had replaced our existing filters with the new aggregates rather than appending them to the list). It took 14 hours to get them to understand what the problem was and to correct it. I'm not saying that filtering prefixes isn't a good safety net, but what I am saying is that you are simply moving the configuration problems to a different place. Granted, the scope of who is affected by an error is generally much smaller, but the root of the problem is manual configuration. We have never had a similar problem with MCI, and they build the filters from the IRR. As long as our route objects (and those of ASes we provide transit for) are correct, the filters on our BGP session are correct. John Tamplin Traveller Information Services jat () Traveller COM 2104 West Ferry Way 205/883-4233x7007 Huntsville, AL 35801
Current thread:
- Re: AS8584 taking over the internet, (continued)
- Re: AS8584 taking over the internet Cengiz Alaettinoglu (Apr 09)
- Re: AS8584 taking over the internet Gary R Wright (Apr 09)
- Re: AS8584 taking over the internet Randy Bush (Apr 09)
- Re: AS8584 taking over the internet Jon Lewis (Apr 09)
- Re: AS8584 taking over the internet Michael Shields (Apr 09)
- Message not available
- Re: AS8584 taking over the internet Jay R. Ashworth (Apr 09)
- Re: AS8584 taking over the internet Dalvenjah FoxFire (Apr 09)
- Re: AS8584 taking over the internet Randy Bush (Apr 09)
- Re: AS8584 taking over the internet Dalvenjah FoxFire (Apr 09)
- Re: AS8584 taking over the internet Jason L. Weisberger (Apr 09)
- BGP filtering (was Re: AS8584 taking over the internet) John A. Tamplin (Apr 10)
- Re: AS8584 taking over the internet Dean Anderson (Apr 10)
- Re: AS8584 taking over the internet philip bridge (Apr 14)
- Re: AS8584 taking over the internet Curtis Villamizar (Apr 23)
- Re: AS8584 taking over the internet Michael Dillon (Apr 23)
- IOPS member operation contact info (was Re: AS8584 ...) Curtis Villamizar (Apr 23)
- Re: AS8584 taking over the internet Gary E. Miller (Apr 08)