6453 routing leaks (January and Today)
Mark Gauvin
MGauvin at dryden.ca
Fri Feb 25 18:39:49 UTC 2011
Would love a pm on the platform in question
Sent from my iPhone
On 2011-02-25, at 12:23 PM, "Paul Stewart" <paul at paulstewart.org> wrote:
> Yes, very scary actually....
>
> Human error is unavoidable - it's going to happen at times - BUT....
>
> In our communities design, there has been times where we have missed
> a tag
> on an inbound customer for example. It scares the crap out of me to
> think
> that something like that simple mistake could cause route leakage.
> Thankfully, anytime it has happened it would caught pretty quickly
> and fixed
> - in the meantime the routes simply didn't leave our network (the
> way it
> should be).
>
> Obviously the scales are different between someone like ourselves
> and that
> of TATA - but the principles and common sense remain.
>
> Paul
>
>
>
> -----Original Message-----
> From: Richard A Steenbergen [mailto:ras at e-gerbil.net]
> Sent: Friday, February 25, 2011 12:52 PM
> To: Jared Mauch
> Cc: NANOG list
> Subject: Re: 6453 routing leaks (January and Today)
>
> On Fri, Feb 25, 2011 at 07:22:36AM -0500, Jared Mauch wrote:
>> Update:
>>
>> I have had a source ask me to post the following:
>>
>> -- snip --
>> The problem with route leaking was caused by specific routing
>> platform
>> resulting in some peer routes not being properly tagged.
>> We are deploying additional measures to prevent this from happening
>> in
>> the future
>> -- snip --
>
> Hopefully someone learned a lesson about BGP community design, and how
> it should fail safe by NOT leaking if you accidentally fail to tag a
> route. Always require a positive match on a route to advertise to
> peers,
> not the absence of a negative match.
>
> --
> Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1
> 2CBC)
>
>
More information about the NANOG
mailing list