BGPMON Alert Questions
Mark Tinka
mark.tinka at seacom.mu
Sat Apr 5 11:21:20 UTC 2014
On Friday, April 04, 2014 05:17:36 PM Sharon Goldberg wrote:
> Right, we didn't include that in our analysis because we
> didn't have a good sense for how many ISPs actually do
> filter their downstreams' downstreams. So we chose to give
> a conservative estimate of the impact of prefix
> filtering in partial deployment: we assumed that no one
> filters their downstreams' downstreams. I'm honestly not
> sure exactly what including this assumption would do to
> our results, except to say that it would make them
> better (i.e., that more attacks would be stopped). Might
> be a good experiment for one of my summer interns.

I've typically been on the side where we filter just the
downstream and apply AS_PATH filtering liberally for their
downstreams.

At $current_job, we're now filtering both downstream and
downstream's downstreams on AS_PATH + prefix list, taking
the prefix aggregate and suffixing "le 24" or "le 48".

We are now thinking about how to scale this without using
RPSL, as that creates lots and lots of clutter in the
configuration, as well as sub-optimal forwarding when
customers are sending routes you aren't accepting when they
forget that RPSL-based filtering is prefix-specific.

Mark.
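
The filtering described in the message above, modelled as an added example that is not part of the original post or anyone's production configuration: an AS_PATH check combined with an "aggregate le 24" / "aggregate le 48" prefix match, next to a prefix-specific (exact-match) filter for comparison. The ASNs, prefixes and function names are constructed for illustration, and the exact-match model of a prefix-specific filter is an assumption.

```python
import ipaddress

def permits_le(aggregate, max_len, announced):
    """Prefix-list style match: the aggregate or any more-specific up to max_len."""
    agg = ipaddress.ip_network(aggregate)
    net = ipaddress.ip_network(announced)
    if net.version != agg.version:
        return False
    return net.subnet_of(agg) and net.prefixlen <= max_len

def permits_exact(registered, announced):
    """Prefix-specific match (assumed model): only the registered prefixes pass."""
    return ipaddress.ip_network(announced) in {ipaddress.ip_network(p) for p in registered}

def permits_as_path(as_path, customer_asn, downstream_asns):
    """First hop must be the customer; every ASN must be the customer or a known downstream."""
    allowed = {customer_asn} | set(downstream_asns)
    return bool(as_path) and as_path[0] == customer_asn and all(a in allowed for a in as_path)

# Constructed policy: documentation ASNs (RFC 5398), private/documentation prefixes.
CUSTOMER = 64500
DOWNSTREAMS = [64501]                      # the downstream's downstreams
AGGREGATES = [("10.20.0.0/16", 24), ("2001:db8::/32", 48)]
REGISTERED = ["10.20.0.0/16", "2001:db8::/32"]

def accept(prefix, as_path, exact=False):
    """Apply AS_PATH filter, then either the 'le' prefix list or the exact-match list."""
    if not permits_as_path(as_path, CUSTOMER, DOWNSTREAMS):
        return False
    if exact:
        return permits_exact(REGISTERED, prefix)
    return any(permits_le(agg, le, prefix) for agg, le in AGGREGATES)

# Constructed announcements as received on the customer session.
SAMPLES = [
    ("10.20.0.0/16", [64500]),             # the aggregate itself
    ("10.20.4.0/24", [64500, 64501]),      # more-specific from a downstream's downstream
    ("10.20.4.128/25", [64500]),           # longer than /24
    ("10.21.0.0/24", [64500]),             # outside the aggregate
    ("10.20.8.0/22", [64500, 64510]),      # unknown ASN in the path
    ("2001:db8:1::/48", [64500, 64500, 64501]),  # prepended path, within le 48
]

if __name__ == "__main__":
    for prefix, path in SAMPLES:
        print(f"{prefix:18} {path!s:24} le={accept(prefix, path)} exact={accept(prefix, path, exact=True)}")
```

The second sample is the case the message raises: the more-specific passes the "le 24" list but is dropped by the prefix-specific filter, so traffic follows the covering aggregate instead.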