NTT->HE earlier today (~10am EDT)

Jared Mauch jared at puck.nether.net
Tue Jun 30 22:40:03 UTC 2015


We have been pushing large configurations to devices. You can check my slides from the London IEPG meeting. 

When 96% of your config is prefix filters we are sure trying.

I ask others to encourage your vendors to make this a priority as we have faced a number of issues in this area and have been waiting quite some time for vendor resolution. 

Jared Mauch

> On Jun 30, 2015, at 5:26 PM, Mike Leber <mleber at he.net> wrote:
> 
> 
> 
>> On 6/30/15 3:02 PM, Tore Anderson wrote:
>> * Mike Leber
>> 
>>> I was thinking that when I posted yesterday.
>>> 
>>> These were announcements from a peer, not customer routes.
>>> 
>>> We are lowering our max prefix limits on many peers as a result of this.
>>> 
>>> We are also going towards more prefix filtering on peers beyond bogons
>>> and martians.
>> Hi Mike,
>> 
>> You're not mentioning RPKI here. Any particular reason why not?
>> 
>> If I understand correctly, in today's leak the origin AS was
>> changed/reset, so RPKI ought to have saved the day. (At least Grzegorz'
>> day, considering that 33 of AS43996's prefixes are covered by ROAs.)
> 
> Yes, we will incorporate RPKI into how we build our prefix filters for peers as we improve our tools.
> 
> Currently this will involve some amount of prefix list compression due to the limits of current hardware and the need to still have BGP converge.
> 
> As Job Snijders said, "I would foresee issues if I'd try to add an eleven megabyte prefix-list on all devices in the network.".
> 
> Mike.


