Route leak in Bangladesh
Nick Hilliard
nick at foobar.org
Tue Jun 30 15:04:35 UTC 2015
On 30/06/2015 14:29, Mark Tinka wrote:
> - Get your downstreams to create route objects before you turn them up.
> - Get your provisioning teams to validate the prefixes being
> provided by your downstreams.
> - Use both prefix- and AS_PATH-based filters for your downstreams.
> - Use BGP communities (as you've stated).
> - No exceptions.
plus:
- fully automate ingress prefix management
- use maxprefixes with manual reenable on all ebgp sessions
I've been caught with fully automated IRR based per-session prefix
filtering where the customer put the IXP AS macro into their AS macro.
When the customer did a 7007 on this, we accepted everything that they
announced back to us, oy vey.
So you need both.
Nick
More information about the NANOG
mailing list