BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking]

Danny McPherson danny at tcb.net
Mon Feb 25 18:54:58 UTC 2008


On Feb 25, 2008, at 6:08 AM, Pekka Savola wrote:
>
> In a lot of this dialogue, many say, "you should prefix filter".  
> However, I'm not seeing how an ISP could easily adopt such filtering.
>
> So, this is no excuse for not doing prefix filtering if you only do  
> business in the RIPE region, but anywhere else the IRR data is  
> pretty much useless, incorrect, or both.

Agreed.

>
> (Yeah, we prefix filter all our customers.  Our IPv6 peers are also  
> prefix filtered, based on RIPE IRR data (with one exception).  IPv4  
> peers' advertisements seem to be too big a mess, and too long  
> filters, to fix this way.)


Do you explicitly filter routes from your upstream or transit providers?
E.g., if one were to announce, say, a more specific of one of your
customer's routes to you would you accept it?  What about someone
else's address space?

The only full set of prefix filtering I've ever seen implemented (i.e.,
BGP customers AND peers) was b y ANS during my days at iMCI
~95.  It was extremely painful at times, even for us, if we wanted to
advertise new address space we had to update IRR objects and
wait on their nightly push of updated routing policies at ANS.  We
generated our own routing policies automatically off our IRR, which
mirrored others as well, and explicitly prefix filtered customers with
some fixed prefix and AS path-based policies applied to peers.  If it
  became really urgent, then we'd call ANS and have them manually
update their policy, and subsequently 'bounce' the route
announcement to trigger transmission of a new update.

This was long before incrementally updated filters and things like
BGP route refresh ever existed.  Prefixes and AS-MACROs had to
be right in the IRRs or the policies wouldn't be updated.  It's to bad
other folks didn't follow suit.

As for this event, a slightly different spin here:

http://tinyurl.com/3y3pzl

-danny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20080225/d9177423/attachment.html>


More information about the NANOG mailing list