NTT->HE earlier today (~10am EDT)

Mike Leber mleber at he.net
Tue Jun 30 22:26:46 UTC 2015



On 6/30/15 3:02 PM, Tore Anderson wrote:
> * Mike Leber
>
>> I was thinking that when I posted yesterday.
>>
>> These were announcements from a peer, not customer routes.
>>
>> We are lowering our max prefix limits on many peers as a result of this.
>>
>> We are also going towards more prefix filtering on peers beyond bogons
>> and martians.
> Hi Mike,
>
> You're not mentioning RPKI here. Any particular reason why not?
>
> If I understand correctly, in today's leak the origin AS was
> changed/reset, so RPKI ought to have saved the day. (At least Grzegorz'
> day, considering that 33 of AS43996's prefixes are covered by ROAs.)

Yes, we will incorporate RPKI into how we build our prefix filters for 
peers as we improve our tools.

Currently this will involve some amount of prefix list compression due 
to the limits of current hardware and the need to still have BGP converge.

As Job Snijders said, "I would forsee issues if i'd try to add an eleven 
megabyte prefix-list on all devices in the network.".

Mike.



More information about the NANOG mailing list