BGP route hijack by AS10990

Mark Tinka mark.tinka at seacom.com
Sat Aug 1 20:31:47 UTC 2020



On 1/Aug/20 20:14, Hank Nussbacher wrote:

> AS level filtering is easy. IP prefix level filtering is hard.
> Especially when you are in the top 200:
>
> https://asrank.caida.org/
>

Doesn't immediately make sense to me why prefix filtering is hard.


>
> That being said, and due to these BGP "polluters" constantly doing the
> same thing, wouldn't an easy fix be to use the max-prefix/prefix-limit
> option:
>
> https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/25160-bgp-maximum-prefix.html
>
> https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/prefix-limit-edit-protocols-bgp.html
>
>
> For every BGP peer, the ISP determines what the current max-prefix
> currently is. Then add in 2% and set the max-prefix.
>
> An errant BGP polluter would then only have limited damage to the
> Internet routing table.
>
> Not the greatest solution, but easy to implement via a one line change
> on every BGP peer.
>

It's about combining multiple solutions to ensure several catch-points.
AS_PATH filtering, prefix filtering and max-prefix.


>
> Smaller ISPs can easily do it on their 10 BGP peers so as to limit
> damage as to what they will hear from their neighbors.
>

All ISPs should do this. All ISPs can.

Mark.
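
The three catch-points named in the reply above (AS_PATH filtering, prefix filtering, and max-prefix set at the current count plus 2%), as an added example that is not part of the original thread: a simplified Python model of one inbound peer session fed a constructed leak. The ASNs, prefixes, class and function names are illustrative assumptions, and the session teardown is a simplification of what a router's max-prefix option does.

```python
import ipaddress
from collections import Counter

def max_prefix_limit(current_count, headroom_pct=2):
    # Current prefix count plus 2%, rounded up to a whole prefix.
    return current_count + (current_count * headroom_pct + 99) // 100

class PeerSession:
    """Simplified model of one inbound BGP peer (names are illustrative)."""
    def __init__(self, peer_as, origins, prefixes, current_count, max_len=24):
        self.peer_as, self.origins = peer_as, set(origins)
        self.prefixes = [ipaddress.ip_network(p) for p in prefixes]
        self.max_len = max_len
        self.limit = max_prefix_limit(current_count)
        self.accepted, self.up = 0, True   # counter starts at zero for simplicity

    def receive(self, prefix, as_path):
        if not self.up:
            return "session-down"
        net = ipaddress.ip_network(prefix)
        # Catch-point 1: AS_PATH filter (first hop is the peer, origin is expected).
        if as_path[0] != self.peer_as or as_path[-1] not in self.origins:
            return "reject-as-path"
        # Catch-point 2: prefix filter (inside registered space, not too specific).
        inside = any(p.version == net.version and net.subnet_of(p) for p in self.prefixes)
        if not inside or net.prefixlen > self.max_len:
            return "reject-prefix"
        # Catch-point 3: max-prefix; modelled here as a session teardown.
        if self.accepted >= self.limit:
            self.up = False
            return "max-prefix-teardown"
        self.accepted += 1
        return "accept"

def run_constructed_leak():
    # Constructed input: documentation/private ASNs and prefixes, not real data.
    s = PeerSession(64500, origins={64500}, prefixes=["10.0.0.0/16"], current_count=100)
    leak = [("192.0.2.0/24", [64500, 64511]),   # unexpected origin AS
            ("198.51.100.0/24", [64500])]       # valid path, prefix not registered
    # Deaggregation that passes both filters: 256 valid-looking /24s.
    block = ipaddress.ip_network("10.0.0.0/16")
    leak += [(str(n), [64500]) for n in block.subnets(new_prefix=24)]
    return s.limit, Counter(s.receive(p, path) for p, path in leak)

if __name__ == "__main__":
    limit, outcomes = run_constructed_leak()
    print("max-prefix limit:", limit)
    print(dict(outcomes))
```

The deaggregated /24s pass both filters because their origin and address space are legitimate; only the max-prefix counter bounds how many of them are accepted.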