Peer Filtering

John van Oppen john at
Tue Feb 3 03:54:20 UTC 2009

Yep agreed...    We balance that by keeping the max-prefix no more than
about 40% over the current prefix limit on each peer.   For us it is a
trade-off, accept the routes or don't send the traffic to peering.   The
couple of times I have seen route leaks that involved one or two routes
they were paths that worked, they were just wrong and we ended up just
throwing a prefix-list on that peer. 

The thing is, one basically has to trust one's transit providers which
don't always filter well.  Given this trusting one's peers at least
some-what does not seem too out there.

John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300

-----Original Message-----
From: Martin Barry [mailto:marty at] 
Sent: Monday, February 02, 2009 7:22 PM
To: nanog at
Subject: Re: Peer Filtering

$quoted_author = "John van Oppen" ;
> Here in the US we don't bother, max-prefix covers it...   It seems
> US originated prefixes are rather sporadically entered into the
> DBs.
...and you are not worried about someone leaking a subset of routes?

I understand that most failure cases would trigger a max-prefix but a
could allow just enough leakage to not hit max-prefix and yet still make
something "important" unreachable.


with usenet gone, we just don't teach our kids entertainment-level
any more. --Paul Vixie

More information about the NANOG mailing list