nanog mailing list archives
Re: BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking]
From: Danny McPherson <danny () tcb net>
Date: Mon, 25 Feb 2008 11:54:58 -0700
On Feb 25, 2008, at 6:08 AM, Pekka Savola wrote:
In a lot of this dialogue, many say, "you should prefix filter". However, I'm not seeing how an ISP could easily adopt such filtering.So, this is no excuse for not doing prefix filtering if you only do business in the RIPE region, but anywhere else the IRR data is pretty much useless, incorrect, or both.
Agreed.
(Yeah, we prefix filter all our customers. Our IPv6 peers are also prefix filtered, based on RIPE IRR data (with one exception). IPv4 peers' advertisements seem to be too big a mess, and too long filters, to fix this way.)
Do you explicitly filter routes from your upstream or transit providers? E.g., if one were to announce, say, a more specific of one of your customer's routes to you would you accept it? What about someone else's address space? The only full set of prefix filtering I've ever seen implemented (i.e., BGP customers AND peers) was b y ANS during my days at iMCI ~95. It was extremely painful at times, even for us, if we wanted to advertise new address space we had to update IRR objects and wait on their nightly push of updated routing policies at ANS. We generated our own routing policies automatically off our IRR, which mirrored others as well, and explicitly prefix filtered customers with some fixed prefix and AS path-based policies applied to peers. If it became really urgent, then we'd call ANS and have them manually update their policy, and subsequently 'bounce' the route announcement to trigger transmission of a new update. This was long before incrementally updated filters and things like BGP route refresh ever existed. Prefixes and AS-MACROs had to be right in the IRRs or the policies wouldn't be updated. It's to bad other folks didn't follow suit. As for this event, a slightly different spin here: http://tinyurl.com/3y3pzl -danny
Current thread:
- RE: YouTube IP Hijacking, (continued)
- RE: YouTube IP Hijacking Paul Stewart (Feb 24)
- Re: YouTube IP Hijacking Jason (Feb 24)
- RE: YouTube IP Hijacking Paul Stewart (Feb 25)
- RE: YouTube IP Hijacking Paul Stewart (Feb 25)
- RE: YouTube IP Hijacking Paul Stewart (Feb 24)
- Re: YouTube IP Hijacking Daniel Roesen (Feb 24)
- Re: YouTube IP Hijacking Iljitsch van Beijnum (Feb 25)
- Re: YouTube IP Hijacking Simon Leinen (Feb 26)
- BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking] Pekka Savola (Feb 25)
- Re: BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking] Danny McPherson (Feb 25)
- Re: BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking] Pekka Savola (Feb 25)
- RE: BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking] Randy Epstein (Feb 25)
- Re: BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking] Valdis . Kletnieks (Feb 25)
- RE: BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking] Randy Epstein (Feb 25)
- Re: YouTube IP Hijacking Andrew D Kirch (Feb 26)