cost of misconfigurations
jared at puck.nether.net
Thu Aug 9 14:43:50 UTC 2012
On Aug 2, 2012, at 10:31 AM, Brandt, Ralph wrote:
> The misconfiguration cost is usually not calculable in itself. But I
> think the more important issue is, "How do we prevent it?" I would
> spend more time on prevention than assessing the cost.
Lots of people have developed best practices on these topics. The
problem is pushing against the business side and keeping these in
place, and not letting the bar be low at your upstream and peers.
There is a secondary issue that is yet still unaddressed. Some vendors
still send all routes they receive out to all external peers in the
absence of a policy. This is something I want to see corrected as it
will require a bit more intelligence when it comes to BGP policy to
provide the expected behavior.
More information about the NANOG