BGPMON Alert Questions

• Previous message (by thread): BGPMON Alert Questions
• Next message (by thread): BGPMON Alert Questions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Friday, April 04, 2014 09:58:42 AM Vitkovský Adam wrote:

> I wonder when (or if ever) we'll have such a discussion
> about data packets, i.e. finding that someone is not
> doing packet-filtering based on BGP updates is
> absolutely and unacceptably shocking!

Well, filtering in the data plane is slightly easier because 
a single subnet can cover all traffic coming from individual 
sources or going to individual destinations.

In the control plane, the industry like to filter on 
specific prefixes agreed between customer and provider, 
especially when using automated tools such as RPSL. This can 
get hairy as configurations become large, where a single 
entry with "le 24" or "le 48" could have sufficed.

On the other hand, if you're not automating control plane 
filters to some extent, it becomes messy as you get bigger.

Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140405/be5a2fef/attachment.sig>

• Previous message (by thread): BGPMON Alert Questions
• Next message (by thread): BGPMON Alert Questions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]