nanog mailing list archives

Re: Route leak in Bangladesh


From: Job Snijders <job () instituut net>
Date: Tue, 30 Jun 2015 15:41:18 +0200

On Tue, Jun 30, 2015 at 10:22:38PM +0900, Matsuzaki Yoshinobu wrote:
> Randy Bush <randy () psg com> wrote
> A friend in AS58587 confirmed that this was caused by a configuration
> error - it seems like related to redistribution, and they already
> fixed that.
>
> 7007 all over again.  do not redistribute bgp into igp.  do not
> redistribute igp into bgp.
>
> I also suggested them to implement BGP community based route filtering
> in their outbound policy.  Any other suggestions or thoughts to
> prevent such incidents in general?

In addition to the BGP community scheme, outbound as-path filters could
help. Most networks' list of transit providers is fairly static, it
would be easy with as-path filters to prevent announcing upstream
routes to other upstreams or peering partners.

Kind regards,

Job
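
The outbound as-path filter suggested above, modelled in Python as an added example (not part of the original message or any router's own code). The transit ASN list, the prefixes, the routing table and the role names "upstream", "peer" and "customer" are constructed assumptions.

```python
import re

# Constructed values: ASNs from the documentation/private ranges, prefixes from
# the documentation ranges. TRANSIT_ASNS is the (fairly static) upstream list.
TRANSIT_ASNS = {64496, 64497}

# Constructed table: (prefix, AS path as received, before prepending our own ASN).
RIB = [
    ("192.0.2.0/24", ""),                       # originated locally
    ("198.51.100.0/24", "65010"),               # learned from a customer
    ("203.0.113.0/24", "64496 64500"),          # learned from transit A
    ("2001:db8::/32", "64497 {64501,64502}"),   # learned from transit B, ends in an AS_SET
    ("203.0.113.128/25", "65010 164496"),       # customer path; 164496 is not AS64496
]


def path_asns(as_path):
    """Return every ASN in the path, including members of AS_SETs."""
    return [int(tok) for tok in re.findall(r"\d+", as_path)]


def may_export(as_path, neighbor_role):
    """Outbound as-path filter: customers get everything; upstreams and peers
    never get a path that contains one of our transit providers."""
    if neighbor_role == "customer":
        return True
    if neighbor_role not in ("upstream", "peer"):
        raise ValueError(f"unknown neighbor role: {neighbor_role!r}")
    return not any(asn in TRANSIT_ASNS for asn in path_asns(as_path))


def filter_exports(rib, neighbor_role):
    """Split the table into (announced, filtered) prefixes for one neighbor role."""
    announced, filtered = [], []
    for prefix, as_path in rib:
        (announced if may_export(as_path, neighbor_role) else filtered).append(prefix)
    return announced, filtered


if __name__ == "__main__":
    for role in ("upstream", "peer", "customer"):
        announced, filtered = filter_exports(RIB, role)
        print(f"{role:9} announce={announced} filtered={filtered}")
```

Matching whole ASN tokens rather than substrings is what keeps the constructed AS164496 path from being filtered as if it contained AS64496.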

