nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NANOG] peering between ASes

From: Nathan Ward <nanog () daork net>
Date: Sat, 17 May 2008 20:13:12 +1200
On 17/05/2008, at 5:53 PM, Matthew Moyle-Croft wrote:

Nathan Ward wrote:

If the foreign AS really wants to send you routes that way, they  
can  do it regardless of how you stop your advertisements being  
accepted by/ reaching them. We're hardly talking high security here.

ip route <prefix> <netmask> 1.1.1.1 works a treat.


I'm not quite sure of your point Nathan.   That'd stop connectivity  
which isn't usually the point - especially if the issue is point (2)  
below.


If a foreign AS wants to work around things put in place by you/others  
so they don't get your prefixes (be it ASPATH poisoning, route  
filtering by the MLPA route-server operator, etc.) they can do so  
easily by putting a static route in to their equipment.

My point is that none of these techniques are bulletproof.

I think I meant to say "packets" where I said "routes" where you  
quoted me above, also, that ip route blah was something that the  
foreign AS would stuff in to their router. I hope that's a bit more  
clear.


MLPAs are disliked for two main reasons that I've been able to  
discern.



I'm not debating for/against MLPAs, that doesn't really go anywhere  
productive. I'm giving info that some people might find useful if  
they've got a network condition they need to work around with a dirty  
hack.

--
Nathan Ward


_______________________________________________
NANOG mailing list
NANOG () nanog org
http://mailman.nanog.org/mailman/listinfo/nanog
Previous By Date Next
Previous By Thread Next

Current thread: