AS-Path - ORF Draft

Mike Hammett nanog at ics-il.net
Mon Oct 23 12:53:03 CST 2017


Should I assume that invigorating traction for a 17-year-old draft is rather difficult? 

It is my understanding that Network B does wish to accept Network A's prefixes elsewhere, just not here. I believe that specifying the block via IRR would be universal and probably not wanted. 

Some of my fellow IX operators have advised me to avoid doing manual filtering for a variety of reasons. 

Which IXes have a web portal for that? Offlist is fine. I'd like to see that and talk to them about their implementation. 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Job Snijders" <job at ntt.net> 
To: "Mike Hammett" <nanog at ics-il.net> 
Cc: "NANOG" <nanog at nanog.org> 
Sent: Monday, October 23, 2017 12:36:24 AM 
Subject: Re: AS-Path - ORF Draft 

On Sun, Oct 22, 2017 at 05:37:52PM -0500, Mike Hammett wrote: 
> Network A was sending more routes into the route server than Network B 
> could handle. Network B would like Network A's routes filtered before 
> they even got to their router. 
> 
> Googling a bit I saw pages talking about saving CPU or what have you, 
> but the main thing was Network B has a limited FIB. They have a prefix 
> limit specified to protect that. Their device goes through prefix 
> limit before prefix filter, so their filters wouldn't even see the 
> advertisements as the prefix limit already killed the session. Raise 
> the prefix limit so that the filters can get to work and now you're 
> vulnerable to someone else injecting a ton of routes and melting their 
> router. 
> 
> If that draft were supported by Network B's router and the route 
> servers, I believe that Network B could tell the route servers to 
> filter Network A's prefixes before sending them, thus saving their 
> FIB. 

Your interpretation of the functionality described in the draft is 
correct. Work on this draft started in December 2000 as can be read 
here: https://tools.ietf.org/html/draft-keyur-bgp-aspath-orf. I am not 
aware of any implementations, and having read the draft and observing 
there are no IANA codepoint assignments yet, it is very unlikely there 
are any implementations available for production use. 

Generally speaking it is safe to say that 17-year-old Internet-Drafts 
(without known implementations) may be lacking the required traction to 
become an RFC. 

So alternatively, network B can tell the route server operator via email 
"do not send me these prefixes", and the route server operator in the 
middle honors that request and doesn't send those prefixes to network B. 
Some IXPs offer a web portal for this type of functionality, other IXPs 
allow signaling via RPSL in the IRR or as mentioned before, email. 

> Obviously the most correct answer is for Network A to get routers with 
> big enough FIBs, but that's not always possible or practical. 

s/Network A/Network B/ - Yes, this can be a challenge. I fear that 
bgp-aspath-orf won't be of any help in the short term. 

Kind regards, 

Job 
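
The ordering problem discussed in this thread, modelled in Python as an added example (not code from either poster, nor from any router or route-server implementation). The ASNs, route counts and function names are constructed for illustration; the model assumes the receiving router counts every received route against the prefix limit before its import filter runs, as the thread describes.

```python
from dataclasses import dataclass

NETWORK_A = 64496   # constructed ASN from the documentation range (RFC 5398)
OTHER_PEER = 64497  # constructed ASN, stands for everyone else on the route server

@dataclass(frozen=True)
class Route:
    label: str       # stand-in for a prefix; the value is irrelevant here
    origin_as: int   # member that announced the route to the route server

class MaxPrefixExceeded(Exception):
    """Models the session teardown triggered by the prefix limit."""

def make_routes(origin_as, count):
    return [Route(f"AS{origin_as}-route-{i}", origin_as) for i in range(count)]

def member_receive(routes, max_prefix, deny_as):
    """Network B's router as described in the thread: every received route
    counts against the prefix limit, and the import filter runs afterwards."""
    accepted = []
    for received, route in enumerate(routes, start=1):
        if received > max_prefix:
            raise MaxPrefixExceeded(f"received {received}, limit {max_prefix}")
        if route.origin_as not in deny_as:
            accepted.append(route)
    return accepted

def route_server_export(routes, deny_as):
    """Per-member outbound policy on the route server: drop before sending."""
    return [r for r in routes if r.origin_as not in deny_as]

def installed_count(routes, max_prefix, deny_as):
    """Routes Network B ends up installing, or None if the session is torn down."""
    try:
        return len(member_receive(routes, max_prefix, deny_as))
    except MaxPrefixExceeded:
        return None

if __name__ == "__main__":
    table = make_routes(NETWORK_A, 5000) + make_routes(OTHER_PEER, 1000)
    deny = {NETWORK_A}
    # 1. Filter only on B's router: the limit trips before the filter helps.
    print("local filter, limit 2000:", installed_count(table, 2000, deny))
    # 2. Route server drops A's routes for B: session stays under the limit.
    print("route-server filter, limit 2000:",
          installed_count(route_server_export(table, deny), 2000, set()))
    # 3. Raised limit: the filter works, but a flood from a third peer now fits.
    flood = table + make_routes(64498, 3500)  # 64498: constructed third member
    print("local filter, limit 10000, flood:", installed_count(flood, 10000, deny))
```

Case 3 installs 4500 routes, more than twice the 2000 the original limit was protecting, which is the exposure the thread describes when the limit is raised to let the local filter work.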