Peer Filtering

John van Oppen john at vanoppen.com
Tue Feb 3 03:54:20 UTC 2009


Yep, agreed... We balance that by keeping the max-prefix no more than
about 40% over the current prefix limit on each peer. For us it is a
trade-off: accept the routes or don't send the traffic to peering. The
couple of times I have seen route leaks that involved one or two routes,
they were paths that worked; they were just wrong, and we ended up just
throwing a prefix-list on that peer.

The thing is, one basically has to trust one's transit providers, which
don't always filter well. Given this, trusting one's peers at least
somewhat does not seem too out there.


John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-----Original Message-----
From: Martin Barry [mailto:marty at supine.com] 
Sent: Monday, February 02, 2009 7:22 PM
To: nanog at nanog.org
Subject: Re: Peer Filtering

$quoted_author = "John van Oppen" ;
> 
> Here in the US we don't bother, max-prefix covers it... It seems that
> US originated prefixes are rather sporadically entered into the routing
> DBs.
 
...and you are not worried about someone leaking a subset of routes?

I understand that most failure cases would trigger a max-prefix but a typo
could allow just enough leakage to not hit max-prefix and yet still make
something "important" unreachable.

cheers
marty

-- 
with usenet gone, we just don't teach our kids entertainment-level
hyperbole any more. --Paul Vixie

http://www.merit.edu/mail.archives/nanog/2006-01/msg00593.html
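
The trade-off discussed in this thread, as an added example that is not part of either message: max-prefix only counts routes, so a leak smaller than the headroom passes it, while a per-peer prefix-list rejects the same routes by content. Assumptions: the 40% headroom is applied to the peer's usual route count, the prefix-list is modelled as (network, maximum length) entries, all prefixes are constructed from the IPv6 documentation range, and the function names are hypothetical.

```python
import ipaddress

HEADROOM_PCT = 40  # "about 40% over", the figure given in the thread

def max_prefix_limit(usual_count, pct=HEADROOM_PCT):
    """Session limit: usual route count plus pct headroom, rounded up."""
    return (usual_count * (100 + pct) + 99) // 100

def permitted(route, prefix_list):
    """True if route falls inside a (network, max_len) prefix-list entry."""
    net = ipaddress.ip_network(route)
    for entry, max_len in prefix_list:
        allowed = ipaddress.ip_network(entry)
        if (net.version == allowed.version and net.subnet_of(allowed)
                and net.prefixlen <= max_len):
            return True
    return False

def evaluate(announced, usual_count, prefix_list):
    """Compare what max-prefix sees (a count) with what a prefix-list sees."""
    limit = max_prefix_limit(usual_count)
    return {
        "limit": limit,
        "max_prefix_tripped": len(announced) > limit,
        "filtered": [r for r in announced if not permitted(r, prefix_list)],
    }

# Constructed sample data (IPv6 documentation range, not real routes).
USUAL = [f"2001:db8:{i:x}::/48" for i in range(10)]   # peer's normal routes
PREFIX_LIST = [("2001:db8::/44", 48)]                 # covers the routes above

def leak(n):
    """n constructed routes the peer should not be announcing."""
    return [f"2001:db8:ff{i:02x}::/48" for i in range(n)]

if __name__ == "__main__":
    for label, extra in (("typo-sized leak", 2), ("large leak", 50)):
        result = evaluate(USUAL + leak(extra), len(USUAL), PREFIX_LIST)
        print(f"{label}: limit={result['limit']} "
              f"tripped={result['max_prefix_tripped']} "
              f"prefix-list would drop {len(result['filtered'])} routes")
```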




