NTT->HE earlier today (~10am EDT)

• Previous message (by thread): NTT->HE earlier today (~10am EDT)
• Next message (by thread): NTT->HE earlier today (~10am EDT)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday, June 30, 2015, Mike Leber <mleber at he.net> wrote:

>
>
> On 6/30/15 3:02 PM, Tore Anderson wrote:
>
>> * Mike Leber
>>
>>  I was thinking that when I posted yesterday.
>>>
>>> These were announcements from a peer, not customer routes.
>>>
>>> We are lowering our max prefix limits on many peers as a result of this.
>>>
>>> We are also going towards more prefix filtering on peers beyond bogons
>>> and martians.
>>>
>> Hi Mike,
>>
>> You're not mentioning RPKI here. Any particular reason why not?
>>
>> If I understand correctly, in today's leak the origin AS was
>> changed/reset, so RPKI ought to have saved the day. (At least Grzegorz'
>> day, considering that 33 of AS43996's prefixes are covered by ROAs.)
>>
>
> Yes, we will incorporate RPKI into how we build our prefix filters for
> peers as we improve our tools.
>
> Currently this will involve some amount of prefix list compression due to
> the limits of current hardware and the need to still have BGP converge.
>
> As Job Snijders said, "I would forsee issues if i'd try to add an eleven
> megabyte prefix-list on all devices in the network.".
>
> Mike.
>

It is NTT that would have mitigated this issue if they deployed and
enforcer rpki, right?

• Previous message (by thread): NTT->HE earlier today (~10am EDT)
• Next message (by thread): NTT->HE earlier today (~10am EDT)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]