nanog mailing list archives
Re: More specifics from AS18978
From: Job Snijders <job () instituut net>
Date: Fri, 27 Mar 2015 11:03:53 +0100
On Thu, Mar 26, 2015 at 11:26:07PM -0400, ML wrote:
> On 3/26/2015 6:20 PM, Nick Rose wrote:
> > While investigating the issue we did find that the noction appliance stopped advertising the no export community string with its advertisements which is why certain prefixes were also seen.
>
> Wouldn't it be a BCP to set no-export from the Noction device too?

Sure, but even that might not always prevent the fake paths from leaking to your eBGP neighbors. For instance, not too long ago there was this bug:

"Routes learned with the no-export community from an iBGP neighbor are being advertised to eBGP neighbors. This may occur on Cisco ASR 9000 Series Aggregation Services Routers." (don't remember BugID)

In other words: it can happen to the best of us.

You should not lie to yourself by inserting fake more-specific paths into routing tables. The moment your lies somehow manage to escape into the default-free-zone you are taking other businesses down. Whether the leak is caused by a bug in the router's software or human error, destroying other people's online presence is far beyond acceptable.

If the same leak would've happened /without/ the fake more-specifics, it'd still be an issue, but the collateral damage would have been dampened. The leaked paths would have to compete with the normal paths and best-path selectors like as-path length apply.

Using software to insert fake more-specific paths into your routing domain should be discouraged and frowned upon.

Kind regards,

Job
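
The difference between the two leak scenarios in the message above, as an added example that is not part of the original post: a simplified model where best-path selection is reduced to AS-path length per prefix, followed by longest-prefix-match forwarding. The prefix, AS numbers and function names are constructed for illustration, and real best-path selection evaluates other attributes (such as local preference) before AS-path length.

```python
import ipaddress

# Constructed sample data: documentation prefix and private-use ASNs,
# not values taken from the thread.
LEGIT = ("198.51.100.0/24", (64500, 64510), "legitimate")
LEAK_SAME_LENGTH = [("198.51.100.0/24", (64501, 64520, 64530, 64510), "leaked")]
LEAK_MORE_SPECIFIC = [
    ("198.51.100.0/25", (64501, 64520, 64530, 64510), "leaked"),
    ("198.51.100.128/25", (64501, 64520, 64530, 64510), "leaked"),
]


def select_best(routes):
    """Per prefix, keep the route with the shortest AS path (simplified)."""
    best = {}
    for prefix, as_path, label in routes:
        net = ipaddress.ip_network(prefix)
        if net not in best or len(as_path) < len(best[net][0]):
            best[net] = (as_path, label)
    return best


def forwarding_label(routes, dest):
    """Label of the route used for dest: longest-prefix match over best paths."""
    best = select_best(routes)
    addr = ipaddress.ip_address(dest)
    covering = [net for net in best if addr in net]
    if not covering:
        return None
    # The most specific covering prefix wins, regardless of its AS-path length.
    return best[max(covering, key=lambda net: net.prefixlen)][1]


def leaked_share(routes, covering_prefix):
    """Fraction of addresses in covering_prefix forwarded along a leaked route."""
    addrs = list(ipaddress.ip_network(covering_prefix))
    hits = sum(forwarding_label(routes, a) == "leaked" for a in addrs)
    return hits / len(addrs)


if __name__ == "__main__":
    for name, leak in (("same-length leak", LEAK_SAME_LENGTH),
                       ("more-specific leak", LEAK_MORE_SPECIFIC)):
        print(name, leaked_share([LEGIT] + leak, "198.51.100.0/24"))
```

In this model the same-length leak loses on AS-path length and attracts no traffic, while the two /25s never compete with the /24 at all and take the whole address range.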