nanog mailing list archives
Re: [doable?] peer filtering (was Re: Trusting BGP sessions)
From: "Kevin Oberman" <oberman () es net>
Date: Wed, 15 Nov 2000 12:02:59 -0800
First, it is not clear to me whether Juniper can prefix filter on a tier 1. Cisco can prefix filter on SOME NSPs that might be classed as tier 1. ESnet prefix filters on all peers that have fewer than about 10,000 prefixes. As we are moving to Juniper at one peering point, we might try filtering come bigger peers. The Juniper folks say that they are still testing how extremely large policies effect performance. We will see. Note: I am only talking about filtering BGP announcements, not packets! Since Sprint and UUnet don't seem to be willing to provide information in the IRR to allow us to generate access-lists/policies, and not peering with these folks would be a Bad Idea(tm), so we can't quite filter everyone. (If I could figure out a way to get them to register, I'd have fun trying, though.) The only downside to such filtering I have seen is that some folks (including some which use the router servers which mandate registration) are very lax about registration. It also makes for some rather long configuration files. Even with many large peers not being filtered, configurations at major meet points exceed a megabyte. R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman () es net Phone: +1 510 486-8634
Current thread:
- Trusting BGP sessions Sean Donelan (Nov 14)
- Re: Trusting BGP sessions David Diaz (Nov 14)
- Re: Trusting BGP sessions David Diaz (Nov 14)
- <Possible follow-ups>
- RE: Trusting BGP sessions Mark Borchers (Nov 14)
- Re: Trusting BGP sessions Steven M. Bellovin (Nov 14)
- Re: Trusting BGP sessions Sean Donelan (Nov 14)
- Re: Trusting BGP sessions Sean Donelan (Nov 14)
- Re: Trusting BGP sessions Adrian Chadd (Nov 15)
- [doable?] peer filtering (was Re: Trusting BGP sessions) john heasley (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) Kevin Oberman (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) john heasley (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) gerald (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) john heasley (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) Ran Atkinson (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) Howard C. Berkowitz (Nov 20)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) john heasley (Nov 20)