do not filter your customers
Christopher Morrow
morrowc.lists at gmail.com
Thu Feb 23 15:49:53 UTC 2012
On Thu, Feb 23, 2012 at 1:57 AM, Randy Bush <randy at psg.com> wrote:
>>> and things when further downhill from there, when telstra also did not
>>> filter what they announced to their peers, and the peers went over
>>> prefix limits and dropped bgp.
>> Oh! so protections worked!
>
> imiho, prefix count is too big a hammer.
sure. aspath-filter! :)
> it would have been better if optus had irr-based filters in place on
> peerings with telstra. then they would not have dropped the sessions
> and their customers could still reach telstra customers.
really, both parties need/should-have filters, right?
both parties should have their 'irr data' up-to-date...
both parties should also filter outbound prefixes (so they don't leak
internals, or ...etc)
telstra seems to have ~8880 or so prefixes registered in IRRs (via
radb whois lookup)
optus has ~1217 or so prefixes registered in IRRs (again via the same
lookup to radb)
> of course, if telstra did not publish accurately in an irr instance,
> not much optus could do.
it's not clear how accurate the data is :( I do see one example that's
not telstra (and which I don't see through telstra from one host I
tested from)
203.59.57.0/24
a REACH customer, supposedly, registered by REACH on the behalf of the
customer... the whole /16 there is allocated to the same entity not
REACH though, so that's a tad confusing.
-chris
More information about the NANOG
mailing list