On 24/Jun/19 16:11, Job Snijders wrote: > > - deploy RPKI based BGP Origin validation (with invalid == reject) > - apply maximum prefix limits on all EBGP sessions > - ask your router vendor to comply with RFC 8212 ('default deny') > - turn off your 'BGP optimizers' I cannot over-emphasize the above, especially the BGP optimizers. Mark.