Settle Free Peering - Default Route Abuse Monitoring

Raymond Beaudoin raymond.beaudoin at
Mon Sep 25 00:21:40 UTC 2017


Thanks so much for the helpful information, especially the RFC. This is
exactly what I was looking for. Have a fantastic week!

Warm Regards,
Raymond Beaudoin

On Sun, Sep 24, 2017 at 3:05 PM, Job Snijders <job at> wrote:

> Dear Raymond,
> On Sun, 24 Sep 2017 at 21:33, Raymond Beaudoin <
> raymond.beaudoin at> wrote:
>> How is this monitored and tracked? Are ACLs applied to help enforce this
>> (seems to be limited at scale)? Flow export and alarming? Analytics and
>> anomalous behavior detection? Common professional courtesy?
> This RFC covers the topic of
> “unexpected traffic flows” which is essentially the same as having default
> being pointed at you without you permission. May be worth reading!
> A most scalable option is to use a flow collection / monitoring program
> like pmacct ( to inspect flows and flag the ones that
> shouldn’t exist according to your policy. Paolo Lucente has done excellent
> work to make this problem space manageable:
> DetectingRoutingViolations
> Also, if you are at an internet exchange, make sure to enable MAC
> accounting (if available) on the IX facing interface, so you can easily
> monitor for traffic coming from MAC addresses with which you don’t have a
> BGP session.
> Kind regards,
> Job

More information about the NANOG mailing list