nanog mailing list archives

Re: BGPMON Alert Questions


From: Mark Tinka <mark.tinka () seacom mu>
Date: Sat, 5 Apr 2014 13:21:20 +0200

On Friday, April 04, 2014 05:17:36 PM Sharon Goldberg wrote:

> Right, we didn't include that in our analysis because we
> didn't have a good sense for how many ISPs actually do
> filter their downstreams' downstreams. So we chose to give
> a conservative estimate of the impact of prefix
> filtering in partial deployment: we assumed that no one
> filters their downstreams' downstreams.  I'm honestly not
> sure exactly what including this assumption would do to
> our results, except to say that it would make them
> better (i.e. that more attacks would be stopped).  Might
> be a good experiment for one of my summer interns.

I've typically been on the side where we filter just the 
downstream and apply AS_PATH filtering liberally for their 
downstreams.

At $current_job, we're now filtering both downstream and 
downstream's downstreams on AS_PATH + prefix list, taking 
the prefix aggregate and suffixing "le 24" or "le 48".

We are now thinking about how to scale this without using 
RPSL, as that creates lots and lots of clutter in the 
configuration, as well as sub-optimal forwarding when 
customers are sending routes you aren't accepting when they 
forget that RPSL-based filtering is prefix-specific.

Mark.
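
The filtering approach described in the message above, as an added illustration that is not part of the original post or of any operator's configuration: it models an AS_PATH check plus "aggregate le 24 / le 48" prefix matching, next to an exact-match filter standing in for prefix-specific filtering. All ASNs, prefixes and function names are constructed, and the "le" semantics (any subnet of the aggregate up to the stated length) are assumed to follow common prefix-list behaviour.

```python
import ipaddress

# Constructed sample data: private-use ASNs and non-public prefixes.
NEIGHBOR_AS = 64500                      # the directly connected customer
ALLOWED_ASNS = {64500, 64501}            # customer plus its downstream
AGGREGATES = ["10.20.0.0/16", "2001:db8:100::/40"]
REGISTERED = ["10.20.0.0/16", "10.20.4.0/22", "2001:db8:100::/40"]  # exact routes on record


def max_length(net):
    """Longest accepted prefix: "le 24" for IPv4, "le 48" for IPv6."""
    return 24 if net.version == 4 else 48


def aggregate_permits(route, aggregates=AGGREGATES):
    """Model 'permit <aggregate> le N': any subnet of the aggregate up to /N."""
    r = ipaddress.ip_network(route)
    for agg in map(ipaddress.ip_network, aggregates):
        if r.version == agg.version and r.subnet_of(agg) and r.prefixlen <= max_length(agg):
            return True
    return False


def exact_permits(route, registered=REGISTERED):
    """Model a prefix-specific filter: only routes listed verbatim pass."""
    return ipaddress.ip_network(route) in set(map(ipaddress.ip_network, registered))


def as_path_permits(as_path):
    """First hop must be the customer; every ASN must be an expected one."""
    return bool(as_path) and as_path[0] == NEIGHBOR_AS and set(as_path) <= ALLOWED_ASNS


def evaluate(route, as_path, prefix_check=aggregate_permits):
    if not as_path_permits(as_path):
        return "reject: as-path"
    return "accept" if prefix_check(route) else "reject: prefix"


if __name__ == "__main__":
    announcements = [  # constructed
        ("10.20.8.0/24", [64500, 64501]),
        ("10.20.8.0/25", [64500]),
        ("10.99.0.0/24", [64500]),
        ("2001:db8:105::/48", [64500]),
        ("10.20.8.0/24", [64500, 64999]),
    ]
    for route, path in announcements:
        print(route, path, evaluate(route, path), "| exact:", evaluate(route, path, exact_permits))
```

The first announcement is the case the message points at: a more-specific the customer never registered passes the aggregate filter but is dropped by the exact-match one.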
