Erroneous BGP advertisement

David J. Schmidt davids at on-ramp.ior.com
Wed Feb 11 18:07:53 UTC 1998


On Wed, 11 Feb 1998, Joe  Shaw wrote:

> I thought all responsible parties (like Sprint) filtered their customer
> routes.  I know I can't advertise or leak out anything to MCI or UUNet
> that I haven't registered with them.  I've heard in the past that Sprint's
> route acceptance policy was a little on the trusting side, but not
> filtering your customers' announcements is just silly.  They (Sprint)
> should only allow their customers to advertise their registered IP space
> and stop things like this from happening.
>
> I'm looking at Sprint's BGP policy (http://www.sprint.net/bgppolicy.htm)
> and it appears that they are way too trusting.  They expect their
> customers to do everything right, and for someone with little or no
> knowledge of setting up BGP, they could quickly cause havoc for Sprint's
> or other carriers' networks.  This is especially interesting since they
> offer no BGP help whatsoever according to this document.  Also according
> to this document, the customer is responsible for all filtering, which is
> an extremely poor practice.  I wonder how long it will take for a Sprint
> customer to advertise a default route out and I wonder how many sites it
> would effectively blackhole.
>
> Regards,
> Joe Shaw - jshaw at insync.net
> NetAdmin - Insync Internet Services

We multihomed with Sprint around the beginning of October.  Sprintlink
will do either AS or IP based filters to their BGP peers.  From their
bgpform.txt:

---
8. Do you prefer AS (see 8a) or IP (see 8b) based filters*?
   [ ] AS filters - answer question 8a
   [*] IP filters - answer question 8b

  * All customers are filtered based on either AS path or IP address.  AS
    filters allow customers to announce any blocks they acquire but can 
    lead to problems if the customer configuration announces other provider
    routes to us (creating transit across the customer) or our own routes 
    back to us (creating a black hole).  IP filters allow customers to 
    modify the AS announcements.  Both methods have their advantages and
    we prefer to set up IP filters because it makes the customer
    configurations simpler and avoids possible transit/black hole problems.
---

If the customer has chosen AS based filtering then they can announce any
addresses at will, causing this type of problem.

Incidentally, we chose IP filtering :-).

David.Schmidt at ior.com    Internet Ventures, Inc.   (509)622-2878 x238
Spokane, Washington      http://www.perki.net/     (509)622-2872 (fax)
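
The following is an added illustration, not part of the original message and not Sprint's actual filter logic: it evaluates the same customer announcements under an AS-based and an IP-based inbound filter to show why the AS-based one lets unregistered space through. The AS numbers, prefixes and matching rules are constructed assumptions (documentation ranges from RFC 5398 and RFC 5737).

```python
import ipaddress

# Constructed sample data (assumptions, not from the original post).
CUSTOMER_AS = 64500
REGISTERED = [ipaddress.ip_network("192.0.2.0/24")]

def as_filter(prefix, as_path):
    """AS-based filter (assumed rule): accept any prefix as long as every
    AS in the path is the customer's AS. The prefix is never inspected."""
    return bool(as_path) and all(asn == CUSTOMER_AS for asn in as_path)

def ip_filter(prefix, as_path):
    """IP-based filter (assumed rule): accept only a registered block or a
    more-specific inside it. The AS path is never inspected."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(reg) for reg in REGISTERED)

# Constructed announcements: (description, prefix, AS path).
ANNOUNCEMENTS = [
    ("registered block",            "192.0.2.0/24",    [64500]),
    ("registered block, prepended", "192.0.2.0/24",    [64500, 64500, 64500]),
    ("registered block, other AS",  "192.0.2.0/24",    [64500, 64511]),
    ("unregistered block",          "198.51.100.0/24", [64500]),
    ("default route",               "0.0.0.0/0",       [64500]),
]

def compare(announcements=ANNOUNCEMENTS):
    """Return (description, as_filter_result, ip_filter_result) per route."""
    return [(d, as_filter(p, path), ip_filter(p, path))
            for d, p, path in announcements]

def leaked_by_as_filter(announcements=ANNOUNCEMENTS):
    """Prefixes the AS filter accepts that fall outside registered space."""
    return [p for d, p, path in announcements
            if as_filter(p, path) and not ip_filter(p, path)]

if __name__ == "__main__":
    print(f"{'announcement':30} {'AS filter':10} {'IP filter':10}")
    for desc, by_as, by_ip in compare():
        print(f"{desc:30} {'accept' if by_as else 'reject':10} "
              f"{'accept' if by_ip else 'reject':10}")
    print("accepted by AS filter only:", leaked_by_as_filter())
```
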



