BGP prefix filter list

Wed May 22 18:23:20 UTC 2019

In that case shouldn't each company advertise a /21?

On Wed, May 22, 2019, 1:11 PM Sabri Berisha <sabri at cluecentral.net> wrote:

> Hi,
>
> One legitimate reason is the split of companies. In some cases, IP space
> needs to be divided up. For example, company A splits up in AA and AB, and
> has a /20. Company AA may advertise the /20, while the new AB may advertise
> the top or bottom /21. I know of at least one worldwide e-commerce company
> that is in that situation.
>
> Thanks,
>
> Sabri
>
>
> ----- On May 22, 2019, at 9:40 AM, Tom Beecher <beecher at beecher.cc> wrote:
>
> There are sometimes legitimate reasons to have a covering aggregate with
> some more specific announcements. Certainly there's a lot of cleanup that
> many should do in this area, but it might not be the best approach to this
> issue.
>
> On Tue, May 21, 2019 at 5:30 AM Alejandro Acosta <
> alejandroacostaalamo at gmail.com> wrote:
>
>>
>> On 5/20/19 7:26 PM, John Kristoff wrote:
>> > On Mon, 20 May 2019 23:09:02 +0000
>> > Seth Mattinen <sethm at rollernet.us> wrote:
>> >
>> >> A good start would be killing any /24 announcement where a covering
>> >> aggregate exists.
>> > I wouldn't do this as a general rule.  If an attacker knows networks are
>> > 1) not pointing default, 2) dropping /24's, 3) not validating the
>> > aggregates, and 4) no actual legitimate aggregate exists, (all
>> > reasonable assumptions so far for many /24's), then they have a pretty
>> > good opportunity to capture that traffic.
>>
>>
>> +1 John
>>
>> Seth approach could be an option _only_ if prefix has an aggregate
>> exists && as origin are the same
>>
>>
>> > John
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190522/51b6f099/attachment.html>