do not filter your customers

Christopher Morrow morrowc.lists at
Thu Feb 23 15:49:53 UTC 2012

On Thu, Feb 23, 2012 at 1:57 AM, Randy Bush <randy at> wrote:
>>> and things when further downhill from there, when telstra also did not
>>> filter what they announced to their peers, and the peers went over
>>> prefix limits and dropped bgp.
>> Oh! so protections worked!
> imiho, prefix count is too big a hammer.

sure. aspath-filter! :)

> it would have been better if optus had irr-based filters in place on
> peerings with telstra.  then they would not have dropped the sessions
> and their customers could still reach telstra customers.

really, both parties need/should-have filters, right?
both parties should have their 'irr data' up-to-date...
both parties should also filter outbound prefixes (so they don't leak
internals, or ...etc)

telstra seems to have ~8880 or so prefixes registered in IRRs (via
radb whois lookup)
optus has ~1217 or so prefixes registered in IRRs (again via the same
lookup to radb)

> of course, if telstra did not publish accurately in an irr instance,
> not much optus could do.

it's not clear how accurate the data is :( I do see one example that's
not telstra (and which I don't see through telstra from one host I
tested from)

a REACH customer, supposedly, registered by REACH on the behalf of the
customer... the whole /16 there is allocated to the same entity not
REACH though, so that's a tad confusing.


More information about the NANOG mailing list