nanog mailing list archives

Re: BGP prefix filter list

From: Sabri Berisha <sabri () cluecentral net>
Date: Fri, 24 May 2019 10:03:52 -0700 (PDT)

Hi, 

They can, but they don't necessarily have to. In the example I mentioned, there was a private peering between them. 
Well, until very recently. My point being that it's not always black and white, and sometimes deaggregation is 
necessary for operational purposes. 

That's not to excuse lazy operators of course. 

Thanks, 

Sabri 

----- On May 22, 2019, at 11:23 AM, Ross Tajvar <ross () tajvar io> wrote:

In that case shouldn't each company advertise a /21?

On Wed, May 22, 2019, 1:11 PM Sabri Berisha < [ mailto:sabri () cluecentral net |
sabri () cluecentral net ] > wrote:

Hi,

One legitimate reason is the split of companies. In some cases, IP space needs
to be divided up. For example, company A splits up in AA and AB, and has a /20.
Company AA may advertise the /20, while the new AB may advertise the top or
bottom /21. I know of at least one worldwide e-commerce company that is in that
situation.

Thanks,

Sabri

----- On May 22, 2019, at 9:40 AM, Tom Beecher <beecher () beecher cc> wrote:

There are sometimes legitimate reasons to have a covering aggregate with some
more specific announcements. Certainly there's a lot of cleanup that many
should do in this area, but it might not be the best approach to this issue.

On Tue, May 21, 2019 at 5:30 AM Alejandro Acosta < [
mailto:alejandroacostaalamo () gmail com | alejandroacostaalamo () gmail com ] >
wrote:

On 5/20/19 7:26 PM, John Kristoff wrote:

On Mon, 20 May 2019 23:09:02 +0000
Seth Mattinen < [ mailto:sethm () rollernet us | sethm () rollernet us ] > wrote:

A good start would be killing any /24 announcement where a covering
aggregate exists.

I wouldn't do this as a general rule. If an attacker knows networks are
1) not pointing default, 2) dropping /24's, 3) not validating the
aggregates, and 4) no actual legitimate aggregate exists, (all
reasonable assumptions so far for many /24's), then they have a pretty
good opportunity to capture that traffic.

+1 John

Seth approach could be an option _only_ if prefix has an aggregate
exists && as origin are the same

John

Current thread:

Re: BGP prefix filter list, (continued)
- - - Re: BGP prefix filter list Seth Mattinen (May 20)
    - Re: BGP prefix filter list William Herrin (May 20)
    - Message not available
    - Re: BGP prefix filter list John Kristoff (May 20)
    - Re: BGP prefix filter list Seth Mattinen (May 20)
    - Re: BGP prefix filter list Ca By (May 20)
    - Re: BGP prefix filter list Alejandro Acosta (May 21)
    - Re: BGP prefix filter list Tom Beecher (May 22)
    - Re: BGP prefix filter list Alejandro Acosta (May 22)
    - Re: BGP prefix filter list Sabri Berisha (May 22)
    - Re: BGP prefix filter list Ross Tajvar (May 22)
    - Re: BGP prefix filter list Sabri Berisha (May 24)
    - Re: BGP prefix filter list Mike Hammett (May 24)
    - Re: BGP prefix filter list William Herrin (May 24)
    - Re: BGP prefix filter list Blake Hudson (May 24)
    - Re: BGP prefix filter list William Herrin (May 24)
    - Re: BGP prefix filter list James Jun (May 25)
    - Re: BGP prefix filter list Robert Blayzor (May 30)
    - Re: BGP prefix filter list William Herrin (May 30)
    - Re: BGP prefix filter list Mel Beckman (May 30)
    - Re: BGP prefix filter list William Herrin (May 30)
    - Re: BGP prefix filter list Mel Beckman (May 30)

(Thread continues...)