[NANOG] peering between ASes
Nathan Ward
nanog at daork.net
Sat May 17 08:13:12 UTC 2008
On 17/05/2008, at 5:53 PM, Matthew Moyle-Croft wrote:
> Nathan Ward wrote:
>> If the foreign AS really wants to send you routes that way, they
>> can do it regardless of how you stop your advertisements being
>> accepted by/ reaching them. We're hardly talking high security here.
>>
>> ip route <prefix> <netmask> 1.1.1.1 works a treat.
>>
> I'm not quite sure of your point Nathan. That'd stop connectivity
> which isn't usually the point - especially if the issue is point (2)
> below.
If a foreign AS wants to work around things put in place by you/others
so they don't get your prefixes (be it ASPATH poisoning, route
filtering by the MLPA route-server operator, etc.) they can do so
easily by putting a static route in to their equipment.
My point is that none of these techniques are bulletproof.
I think I meant to say "packets" where I said "routes" where you
quoted me above, also, that ip route blah was something that the
foreign AS would stuff in to their router. I hope that's a bit more
clear.
> MLPAs are disliked for two main reasons that I've been able to
> discern.
I'm not debating for/against MLPAs, that doesn't really go anywhere
productive. I'm giving info that some people might find useful if
they've got a network condition they need to work around with a dirty
hack.
--
Nathan Ward
More information about the NANOG
mailing list