Max Prefixes Configured on Customer BGP
Niels Bakker
niels=nanog at bakker.net
Fri Aug 16 01:01:16 UTC 2002
* joew at accretive-networks.net (Joe Wood) [Fri 16 Aug 2002, 02:38 CEST]:
>>> I know from past experience as a transit customer, that I have
>>> personally shyed away from ISP's that have restricted me to having
>>> their NOC update my ACL.
>> But instead you prefer a "lazy" NOC, where you need manual intervention in
>> case you screw up a filter list on your end to re-enable the BGP session?
> No, instead I prefer to do all route filtering on my (cust) side, and have
> the ISP do filtering based on AS PATH, be it ^CUST-AS_ or configured off
> the RADB......
(Well, if a customer is accidentally leaking a full table then ^CUST-AS_
will still match everything they send you...)
Filtering from RADB has its own problems. It's much better now than
it was a few years ago, with RPSL, PGP authentication and not the
free-for-all it used to be. :)
> It's been my experience that a lot of the providers that do prefix
> filtering on customer BGP sessions take great amounts of time before they
> act on the prefix-filter update request. This much fun when it's 5pm or
> later and you really need to announce a new customer netblock.
My only experience in this regard is with UUNet, and they're pretty
quick. Conceded that this was during a Europe-wide outage and the
slightly too strict filter was on a transit connection in the US.
Configuring off an IRR is a Good Thing. Doing it in an automated
fashion without some sort of supervision can at best be called risky.
Take care,
-- Niels.
--
Aug 12 21:22:27 snowcrash ntpd[184]: time reset 6.666601 s
Coincidence? I think not!
More information about the NANOG
mailing list