Re: Prefix-Hijack by AS7514

[Jared Mauch <jared () puck Nether net>]

On Fri, Jul 17, 2015 at 10:47:38AM +0000, Wolfgang Tremmel wrote:
> > On 17.07.2015, at 12:03, Mark Tinka <mark.tinka () seacom mu> wrote:
> >
> > Some countries I know do this for their exchange points. But
> > by-and-large, it is not scalable. Same goes for AS_PATH lists for peering.
>
> it does scale.
> We do this for all our routeservers at all exchange points we operate.
> In Frankfurt we have 745 peers on our routeservers.

        Scale has become my favorite term from vendors that sets off
alarm bells.

        The problem is usually limited by someones imagination like
"why would you have more than 1 comment/remark", or "what do you mean
a customer has 200k prefixes registered".

        it all depends on who/where and what role you play.

        We have tried prefix filtering peers before.  It's an
excercise in frustration when it comes to vendors ability to
ingest the large sets and/or changes.  I talked about this
privately and at things like IEPG.

http://iepg.org/2014-03-02-ietf89/ietf89_iepg_jmauch.pdf

        The situation and technology haven't substantively changed
in the interim.

        - Jared

-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.