CloudFlare issues?
Fredrik Korsbäck
hugge at nordu.net
Mon Jun 24 20:10:54 UTC 2019
On 2019-06-24 20:16, Mark Tinka wrote:
>
>
> On 24/Jun/19 16:11, Job Snijders wrote:
>
>>
>> - deploy RPKI based BGP Origin validation (with invalid == reject)
>> - apply maximum prefix limits on all EBGP sessions
>> - ask your router vendor to comply with RFC 8212 ('default deny')
>> - turn off your 'BGP optimizers'
>
> I cannot over-emphasize the above, especially the BGP optimizers.
>
> Mark.
>
+1
https://honestnetworker.net/2019/06/24/leaking-your-optimized-routes-to-stub-networks-that-then-leak-it-to-a-tier1-transit-that-doesnt-filter/
--
hugge
More information about the NANOG
mailing list