Clue's for Clue-less
Martin, Christian
CMartin at mercury.balink.com
Mon Oct 26 21:37:40 UTC 1998
I agree that core stability is of utmost importance, but by randomly and
somewhat unilaterally denying prefixes without verification of the
validity of their origin...Hmm, lets see...AS 1 sending the 4.0.0.0
netblock across a direct peering point, but it get's nicked because of
max-prefix, so it comes across through a multihomed downstream and all
of a sudden, sorry little multihomed downstream is carrying 200 Megs of
BBN transit. Oops!
I would think that the only thing that this command protects is routers
with slim memory profiles. Core routers should let the BGP decision
process clean the routes, although I do get scared when 10,000 new
routes appear over the weekend. After this weekends fiasco, I can see
your reasons, though. Maybe RSNG is useful after all...
Chris
> -----Original Message-----
> From: Richard Irving [mailto:rirving at onecall.net]
> Sent: Monday, October 26, 1998 4:27 PM
> To: Martin, Christian
> Cc: 'nanog at merit.edu'
> Subject: Re: Clue's for Clue-less
>
>
> No proof one way, or the other, Martin....
>
> The only neighbors I lost on this one, dumped something
> they shouldn't..... If someone de-aggregates a /16,
> it fires off alarms.... Although these may be valid advertisements,
> We have opted for the "safe, rather than sorry" perspective.
> (Besides, the alarms *assure* prompt attention)
>
> Running the internet requires a certain degree of Altruism.
> One should set policies that *protect* the core, rather than one's
> own....... ;)
>
> Doing other than this will result in a global internet
> that is not reliable...And we all lose.
>
> "The good of the many, outweigh the desires of the few"
>
> (No matter *how* expensive a tie they wear ;)
>
> PS: 11.2.xx and higher have this command...
>
>
> Martin, Christian wrote:
> >
> > Richard Irving Wrote:
> > > To "You Know Who You Are":
> > >
> > > Since some of the filtering policies on the core *seem* to
> > > not benefit the Internet as a whole... (or is that Hole ? ;)
> > >
> > > May I suggest one that does:
> > >
> > > neighbor WWW.XXX.YYY.ZZZ maximum-prefix XXXXX
> > >
> > > It has a way of dropping "clue-nots"..... When
> > > they demonstrate said title.....
> > >
> > > Your clueful attention appreciated.
> > >
> > > Signed,
> > >
> > > One *URKED* Core Operator.
> > >
> >
> > What if it has a way of dropping big blocks? From what I've seen n
> > sniffer traces, it depends on how the routes are stored in
> the BGP table
> > that determines how they are advertised. This may have the
> effect of
> > sinking large, valid netblocks. Unless you've seen otherwise...
> >
> > -Chris
>
More information about the NANOG
mailing list