nanog mailing list archives

Re: best practice for advertising peering fabric routes


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Wed, 15 Jan 2014 06:02:41 +0000


On Jan 15, 2014, at 11:41 AM, Patrick W. Gilmore <patrick () ianai net> wrote:

I repeat: NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP LAN should not be reachable from any device except those directly attached to that LAN. Period.

+1

Again, folks, this isn't theoretical.  When the particular attacks cited in this thread were taking place, I was astonished that the IXP infrastructure routes were even being advertised outside of the IXP network, because of these very issues.

IXPs are not the problem when it comes to breaking PMTU-D.  The problem is largely with enterprise networks, and with 'security' vendors who've propagated the myth that simply blocking all ICMP somehow increases 'security'.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton
