do not filter your customers

Christopher Morrow morrowc.lists at gmail.com
Thu Feb 23 15:49:53 UTC 2012


On Thu, Feb 23, 2012 at 1:57 AM, Randy Bush <randy at psg.com> wrote:
>>> and things went further downhill from there, when telstra also did not
>>> filter what they announced to their peers, and the peers went over
>>> prefix limits and dropped bgp.
>> Oh! so protections worked!
>
> imiho, prefix count is too big a hammer.

sure. aspath-filter! :)

> it would have been better if optus had irr-based filters in place on
> peerings with telstra.  then they would not have dropped the sessions
> and their customers could still reach telstra customers.

really, both parties need/should-have filters, right?
both parties should have their 'irr data' up-to-date...
both parties should also filter outbound prefixes (so they don't leak
internals, or ...etc)

telstra seems to have ~8880 or so prefixes registered in IRRs (via
radb whois lookup)
optus has ~1217 or so prefixes registered in IRRs (again via the same
lookup to radb)

> of course, if telstra did not publish accurately in an irr instance,
> not much optus could do.

it's not clear how accurate the data is :( I do see one example that's
not telstra (and which I don't see through telstra from one host I
tested from)
  203.59.57.0/24

a REACH customer, supposedly, registered by REACH on the behalf of the
customer... the whole /16 there is allocated to the same entity not
REACH though, so that's a tad confusing.

-chris
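
The trade-off discussed in this message, as an added example that is not part of the original post: the same set of announcements handled by a prefix limit alone and by a filter built from registered route objects. All prefixes, the limit of 3 and the /24 maximum length are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation prefixes, not real registry contents.
IRR_ROUTES = ["192.0.2.0/24", "198.51.100.0/24"]  # route objects the peer registered
ANNOUNCED = [
    "192.0.2.0/24",      # registered
    "198.51.100.0/24",   # registered
    "192.0.2.128/25",    # covered, but more specific than the filter allows
    "203.0.113.0/24",    # leaked, not registered
    "203.0.113.128/25",  # leaked, not registered
]
MAX_PREFIXES = 3  # hypothetical per-session prefix limit


def build_filter(routes, max_len=24):
    """Turn registered route objects into (network, longest allowed length) entries."""
    return [(ipaddress.ip_network(r), max_len) for r in routes]


def irr_permits(prefix, flt):
    """Accept a prefix only if a registered route covers it and it is not too specific."""
    net = ipaddress.ip_network(prefix)
    return any(
        net.version == reg.version and net.subnet_of(reg) and net.prefixlen <= max_len
        for reg, max_len in flt
    )


def with_prefix_limit(announced, limit):
    """Prefix limit only: exceeding it tears the session down, so every route is lost."""
    if len(announced) > limit:
        return {"session_up": False, "accepted": []}
    return {"session_up": True, "accepted": list(announced)}


def with_irr_filter(announced, flt):
    """IRR filter: unregistered routes are dropped one by one and the session stays up."""
    accepted = [p for p in announced if irr_permits(p, flt)]
    rejected = [p for p in announced if p not in accepted]
    return {"session_up": True, "accepted": accepted, "rejected": rejected}


if __name__ == "__main__":
    print(with_prefix_limit(ANNOUNCED, MAX_PREFIXES))
    print(with_irr_filter(ANNOUNCED, build_filter(IRR_ROUTES)))
```

The filter is only as good as the registry data behind it: a route the peer legitimately originates but never registered is rejected just like a leak.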



