intra-AS messaging for route leak prevention
Joe Provo
nanog-post at rsuc.gweep.net
Wed Jun 8 12:48:11 UTC 2016
On Wed, Jun 08, 2016 at 11:48:36AM +0000, Sriram, Kotikalapudi (Fed) wrote:
> Thanks for the inputs about the inter-AS messaging and route-leak prevention
> techniques between neighboring ASes. Certainly helpful information and also useful
> for the draft (draft-ietf-idr-route-leak-detection-mitigation).
>
> However, my question was focused on "intra-AS" messaging.
> About conveying from ingress to egress router (within your AS),
> the info regarding the type of peer from which the route was received at ingress.
> This info is used at the egress router to avoid leaking a route.
>
> Question: Is the "common practice" described in the original message
> http://mailman.nanog.org/pipermail/nanog/2016-June/086242.html (see the stuff in quotes)
> sufficient or are there other ways in common use in which network operators
> convey the said information from ingress to egress router?
"There are more routing policies in heaven and earth, Sriram
Than are dreamt of in your draft."
But in my experience, community tagging is by far the widest
deployment due to the broad support and extent of information
which can be carried. It is useful to note that AS_PATH is
often also involved in egress decisions.
The sadness is that some platforms' processing of prefixes
and policies coupled with certain operational practices mean
we still see leaks beyond intended scope during maintenance
windows.
cheers!
Joe
--
RSUC / GweepNet / Spunk / FnB / CotSG / Usenix / NANOG
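
The mechanism discussed in this thread, sketched as an added example that is not part of the original post or of the draft: the ingress router tags each route with a community recording the neighbor type, the tag travels over iBGP, and the egress router decides on that tag plus an AS_PATH check. The ASNs, community values, the `BIG_TRANSIT` list and the sample routes are constructed assumptions.

```python
from dataclasses import dataclass, field

LOCAL_AS = 64500  # constructed, documentation-range ASN
# Hypothetical informational communities, one per neighbor type, set at ingress.
LEARNED_FROM = {"customer": (LOCAL_AS, 100), "peer": (LOCAL_AS, 200),
                "provider": (LOCAL_AS, 300)}
OUR_TAGS = set(LEARNED_FROM.values())
# Hypothetical set of large transit ASNs that should never sit behind a customer.
BIG_TRANSIT = {64510, 64511}


@dataclass
class Route:
    prefix: str
    as_path: tuple
    communities: set = field(default_factory=set)


def ingress(route, neighbor_type):
    """Ingress policy: drop any of our tags the neighbor sent, then set our own."""
    clean = {c for c in route.communities if c not in OUR_TAGS}
    return Route(route.prefix, route.as_path, clean | {LEARNED_FROM[neighbor_type]})


def egress_permits(route, neighbor_type):
    """Egress policy: decide from the iBGP-carried tag, then check AS_PATH."""
    tags = route.communities & OUR_TAGS
    if len(tags) != 1:
        return False  # untagged or ambiguous route: fail closed
    if neighbor_type == "customer":
        return True  # customers receive all tagged routes
    if tags != {LEARNED_FROM["customer"]}:
        return False  # peers and providers get customer-learned routes only
    # A "customer" route whose path crosses a large transit AS is treated as a leak.
    return not (set(route.as_path) & BIG_TRANSIT)


# Constructed sample: (route as received, neighbor type it arrived from).
SAMPLE = [
    (Route("192.0.2.0/24", (64501,)), "customer"),
    (Route("198.51.100.0/24", (64502, 64503), {(LOCAL_AS, 100)}), "peer"),
    (Route("203.0.113.0/24", (64501, 64510, 64504)), "customer"),
]


def exported_to(neighbor_type):
    """Prefixes from SAMPLE that would be announced to this neighbor type."""
    return [r.prefix for r, src in SAMPLE
            if egress_permits(ingress(r, src), neighbor_type)]
```

The second sample route arrives from a peer already carrying the customer tag; the ingress step replaces it, so the egress decision never relies on a tag set outside the AS.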