Is it time to abandon bogon prefix filters?
Jo Rhett
jrhett at netconsonance.com
Thu Aug 21 22:01:20 UTC 2008
On Aug 20, 2008, at 7:00 AM, Kevin Loch wrote:
> It doesn't look like the feasible paths rpf handles the situation
> where
> your bgp customer is not announcing all or any of their prefixes to
> you.
> This can be done for TE or debugging an inbound routing
> issue. Announcing prefixes to me and then blackholing the traffic
> is not something I would appreciate as a customer.
>
> If you do this (or strict rpf) on BGP customers at least warn them
> up front
> that if they ever stop announcing prefixes to you then traffic they
> send
> you will get dropped.
Clueful BGP admins know how to send their routes with no-advertise on
them.
There are fairly good reasons to require your direct customers always
advertise their routes to you, even if you won't be readvertising
them. uRPF is one. Not paying transit both inbound and out for multi-
gig DoS attacks is my favorite. Etc.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
More information about the NANOG
mailing list