do not filter your customers

Christopher Morrow morrowc.lists at gmail.com
Fri Feb 24 21:07:28 UTC 2012


On Fri, Feb 24, 2012 at 3:59 PM, Leo Bicknell <bicknell at ufp.org> wrote:
> In a message written on Fri, Feb 24, 2012 at 01:04:20PM -0700, Shane Amante wrote:
>> Solving for route leaks is /the/ "killer app" for BGPSEC.  I can't understand why people keep ignoring this.
>
> Not all "leaks" are bad.
>
> I remember when there was that undersea landside in Asia that took
> out a bunch of undersea cables.  Various providers quickly did
> mutual transit and other arrangements to route around the problem,
> getting a number of things back up quite quickly.  These did not
> match IRR records though, and likely would not have matached BGPSEC
> information, at least not initially.

well.... for bgpsec so if the paths were signed, and origins signed,
why would they NOT pass BGPSEC muster?

I can see that if the IRR data didn't match up sanely
prefix-lists/filters would need some cajoling, but that likely
happened anyway in this case.

-chris




More information about the NANOG mailing list