nanog mailing list archives
Re: Trusting BGP sessions
From: "Steven M. Bellovin" <smb () research att com>
Date: Tue, 14 Nov 2000 15:45:39 -0500
In message <20001114202940.19022.cpmta () c004 sfo cp net>, Sean Donelan writes:
On Mon, 13 November 2000, David Diaz wrote:The cabal makes jokes "Officially there is no cabal." In reality the fact is that peering is a trust event. You arePeering is a business decision. It is not an engineering decision nor a trust event. Technically, can a peer BGP session do any more or less damage to your network than a customer BGP session? The protocol is identical.
Peer BGP is (often) worse because you can't filter it as aggressively.
You *know* what prefixes your customers can advertise, and you can
discard anything else. But if you have two or more peer sessions, you
don't in general know which prefixes can legally come from which
sessions.
--Steve Bellovin
Current thread:
- Trusting BGP sessions Sean Donelan (Nov 14)
- Re: Trusting BGP sessions David Diaz (Nov 14)
- Re: Trusting BGP sessions David Diaz (Nov 14)
- <Possible follow-ups>
- RE: Trusting BGP sessions Mark Borchers (Nov 14)
- Re: Trusting BGP sessions Steven M. Bellovin (Nov 14)
- Re: Trusting BGP sessions Sean Donelan (Nov 14)
- Re: Trusting BGP sessions Sean Donelan (Nov 14)
- Re: Trusting BGP sessions Adrian Chadd (Nov 15)
- [doable?] peer filtering (was Re: Trusting BGP sessions) john heasley (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) Kevin Oberman (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) john heasley (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) gerald (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) john heasley (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) Ran Atkinson (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) Howard C. Berkowitz (Nov 20)