Is it time to abandon bogon prefix filters?

Jo Rhett jrhett at netconsonance.com
Thu Aug 21 22:01:20 UTC 2008


On Aug 20, 2008, at 7:00 AM, Kevin Loch wrote:
> It doesn't look like the feasible paths rpf handles the situation  
> where
> your bgp customer is not announcing all or any of their prefixes to  
> you.
> This can be done for TE or debugging an inbound routing
> issue.  Announcing prefixes to me and then blackholing the traffic
> is not something I would appreciate as a customer.
>
> If you do this (or strict rpf) on BGP customers at least warn them  
> up front
> that if they ever stop announcing prefixes to you then traffic they  
> send
> you will get dropped.


Clueful BGP admins know how to send their routes with no-advertise on  
them.

There are fairly good reasons to require your direct customers always  
advertise their routes to you, even if you won't be readvertising  
them.  uRPF is one.  Not paying transit both inbound and out for multi- 
gig DoS attacks is my favorite.  Etc.

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness






More information about the NANOG mailing list