BGP prefix filter list

Ca By cb.list6 at gmail.com
Tue May 21 01:29:37 UTC 2019


On Mon, May 20, 2019 at 5:59 PM Seth Mattinen <sethm at rollernet.us> wrote:

> On 5/20/19 4:26 PM, John Kristoff wrote:
> > On Mon, 20 May 2019 23:09:02 +0000
> > Seth Mattinen<sethm at rollernet.us>  wrote:
> >
> >> A good start would be killing any /24 announcement where a covering
> >> aggregate exists.
> > I wouldn't do this as a general rule.  If an attacker knows networks are
> > 1) not pointing default, 2) dropping /24's, 3) not validating the
> > aggregates, and 4) no actual legitimate aggregate exists, (all
> > reasonable assumptions so far for many /24's), then they have a pretty
> > good opportunity to capture that traffic.
>
>
> I'm talking about the case where someone has like a /20 and announces
> the /20 plus every /24 it contains. I regard those as garbage
> announcements.


The lesson for all is — do not expect /24s to reach all edges.  People have
been doing this since we hit 512k routes, and will do it more often,
regardless of how much shade you throw on this mailer.

Like NAT, this is another way that IPv4 is buckling.
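The filter discussed in this thread, as an added example that is not part of any poster's message: it marks a /24 as a drop candidate only when a covering aggregate from the same origin AS is in the table, and keeps /24s that have no aggregate or whose aggregate has a different origin. The route table, the ASNs, the function name and the same-origin test are assumptions of this example; matching on origin is not route validation.

```python
import ipaddress

# Constructed sample table of (prefix, origin AS); private-use addresses and ASNs.
ROUTES = [
    ("10.16.0.0/20", 64501),     # aggregate
    ("10.16.0.0/24", 64501),     # deaggregate, same origin as the /20
    ("10.16.5.0/24", 64501),     # deaggregate, same origin as the /20
    ("10.16.9.0/24", 64502),     # inside the /20 but a different origin
    ("10.99.7.0/24", 64503),     # standalone /24, nothing covers it
]

def classify(routes):
    """Return {(prefix, origin_as): decision} for every route in the table."""
    parsed = [(ipaddress.ip_network(p), asn) for p, asn in routes]
    decisions = {}
    for net, asn in parsed:
        key = (str(net), asn)
        if net.prefixlen != 24:
            decisions[key] = "keep"
            continue
        # Origins of less-specific routes in the same table that contain this /24.
        covering = [c_asn for c, c_asn in parsed
                    if c.prefixlen < 24 and net.subnet_of(c)]
        if not covering:
            # Dropping this loses reachability unless a default route exists.
            decisions[key] = "keep: no covering aggregate"
        elif asn in covering:
            # Same origin is this example's test only; the aggregate itself
            # still has to be validated before the /24 is filtered.
            decisions[key] = "drop candidate: same-origin aggregate"
        else:
            decisions[key] = "keep: aggregate has different origin"
    return decisions

if __name__ == "__main__":
    for (prefix, asn), decision in classify(ROUTES).items():
        print(f"{prefix:<16} AS{asn}  {decision}")
```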

