[NANOG] peering between ASes

Nathan Ward nanog at daork.net
Sat May 17 03:13:12 CDT 2008


On 17/05/2008, at 5:53 PM, Matthew Moyle-Croft wrote:
> Nathan Ward wrote:
>> If the foreign AS really wants to send you routes that way, they  
>> can  do it regardless of how you stop your advertisements being  
>> accepted by/ reaching them. We're hardly talking high security here.
>>
>> ip route <prefix> <netmask> 1.1.1.1 works a treat.
>>
> I'm not quite sure of your point Nathan.   That'd stop connectivity  
> which isn't usually the point - especially if the issue is point (2)  
> below.

If a foreign AS wants to work around things put in place by you/others  
so they don't get your prefixes (be it ASPATH poisoning, route  
filtering by the MLPA route-server operator, etc.) they can do so  
easily by putting a static route in to their equipment.

My point is that none of these techniques are bulletproof.

I think I meant to say "packets" where I said "routes" where you  
quoted me above, also, that ip route blah was something that the  
foreign AS would stuff in to their router. I hope that's a bit more  
clear.

> MLPAs are disliked for two main reasons that I've been able to  
> discern.


I'm not debating for/against MLPAs, that doesn't really go anywhere  
productive. I'm giving info that some people might find useful if  
they've got a network condition they need to work around with a dirty  
hack.

--
Nathan Ward





More information about the NANOG mailing list