BGP Path Filtering
jabley at isc.org
Sat May 17 00:20:39 UTC 2003
On Friday, May 16, 2003, at 20:00 Canada/Eastern, Sean Donelan wrote:
> Small ISPs with only a few eBGP neighbors (i.e. less than a dozen) and
> a few network prefixes (i.e. less than a 100) probablly should stick
> hardcoded, explicit prefix and as-path filters. Coordinate the
> updates to the filters with your upstreams (since they should be
> filtering your announcements on ingress anyway). You are less likely
> mess things up, and its simplier to understand if another network
> engineer needs to debug things later.
Having being involved in cleaning up the networks of many small ISPs
(by your definition of small) after they have been deployed by people
long since departed, I completely disagree with your last sentence.
Maybe complexity is in the eye of the beholder, but ISPs which classify
the routes they carry according to origin using community string
attributes are much easier to debug and understand than those who
specify their exit policy using hard-coded prefix and as-path filters
all over the place.
I don't think "start messy and clean up later" is good advice. Do it
right the first time, and grow smoothly without difficult migrations.
More information about the NANOG