Settle Free Peering - Default Route Abuse Monitoring
raymond.beaudoin at icarustech.com
Mon Sep 25 00:21:40 UTC 2017
Thanks so much for the helpful information, especially the RFC. This is
exactly what I was looking for. Have a fantastic week!
On Sun, Sep 24, 2017 at 3:05 PM, Job Snijders <job at ntt.net> wrote:
> Dear Raymond,
> On Sun, 24 Sep 2017 at 21:33, Raymond Beaudoin <
> raymond.beaudoin at icarustech.com> wrote:
>> How is this monitored and tracked? Are ACLs applied to help enforce this
>> (seems to be limited at scale)? Flow export and alarming? Analytics and
>> anomalous behavior detection? Common professional courtesy?
> This RFC https://tools.ietf.org/html/rfc7789 covers the topic of
> “unexpected traffic flows” which is essentially the same as having default
> being pointed at you without you permission. May be worth reading!
> A most scalable option is to use a flow collection / monitoring program
> like pmacct (http://pmacct.net/) to inspect flows and flag the ones that
> shouldn’t exist according to your policy. Paolo Lucente has done excellent
> work to make this problem space manageable: http://wiki.pmacct.net/
> Also, if you are at an internet exchange, make sure to enable MAC
> accounting (if available) on the IX facing interface, so you can easily
> monitor for traffic coming from MAC addresses with which you don’t have a
> BGP session.
> Kind regards,
More information about the NANOG