Deaggregating for emergency purposes
John M. Brown
john at chagresventures.com
Wed Aug 7 03:52:34 UTC 2002
Whats a tier 1??
ps: follow the AS path, call AS's in the path from the bad announcment.
Get the peers to stop receiving it.
it might be wack-a-mole, but thats part of the job..
On Tue, Aug 06, 2002 at 02:59:15PM -0400, Phil Rosenthal wrote:
>
> Yes, it is lovely when things work out like that.
> My one experience with this problem was with Telia announcing my more
> specifics, and their US NOC referred me to their Europe NOC, and there
> no one spoke English. They are a tier1, so they don't have any upstream
> to call. It took 20 phone calls and more than an hour to get to someone
> who cared enough to do anything about it.
>
> --Phil
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> Derek Samford
> Sent: Tuesday, August 06, 2002 2:51 PM
> To: pr at isprime.com; 'E.B. Dreger'; nanog at merit.edu
> Subject: RE: Deaggregating for emergency purposes
>
>
>
> Phil,
> You would think, after hearing about 30 people with clue+++
> talk, you may realize that this is a patently *bad* thing and should not
> be done. If your route's are being hijacked you can generally solve your
> problems in 2-5 phone calls...That's all it's *ever* taken me. 1. Call
> their NOC. 2. If not helpful call their upstream. 3. Call a couple of
> Tier 1's who are transit for their upstream, and have them filter it.
> Done deal, in the time that you've managed to call your ISP and (maybe)
> gotten about half the internet to reach you, you've solved the problem
> for the whole net and have ZERO reachability concerns. This is my first
> and last post to this ridiculous thread.
>
> Derek
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> Phil Rosenthal
> Sent: Tuesday, August 06, 2002 2:44 PM
> To: 'E.B. Dreger'; nanog at merit.edu
> Subject: RE: Deaggregating for emergency purposes
>
>
> ---
> So explain how this is superior to DNS entr(y|ies) stating who your
> peers and upstreams are. And there's nothing to say that one could not
> specify allowed filters in DNS, too.
>
> If someone wants me to advertise 192.168.7/24, and DNS indicates the
> proper netblock is 192.168.0/19 and their ASN is not origin or adjacent
> hop, I'll be suspicious. What I do from there becomes a policy
> question; I probably would contact the IP block owner to verify the
> request.
> ---
>
> My way isn't superior at all to a secure BGP solution, but until that
> exists, I need a choice.
>
> I am definitely on the bandwagon for the need for a secure BGP.
>
> --Phil
>
>
>
More information about the NANOG
mailing list