<html><head></head><body>I don't think the number of networks with disabled loop prevention is that small.<br><br>For example, let's say you're a hosting provider who has 3 locations... no reason to do cold potato routing and you don't have dedicated links between sites, yet you still want ranges announced at DC A to be reachable from DC B and C.<br><br>Kind Regards,<br>Filip<br><br><div class="gmail_quote">On 13 June 2019 5:56:16 pm GMT+02:00, Jon Lewis <jlewis@lewis.org> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">I've used it in the distant past for TE purposes. Assuming you're <br>poisoning one ASN via one transit it's not exactly rocket science to <br>figure out if "it worked" or not. As Warren mentioned, sometimes your <br>transits just don't provide all the knobs you need.<br><br>I suspect the number of networks that have intentionally disabled loop <br>prevention is relatively small, and those more likely "end user'ish" <br>networks that are less likely to be the target of as-path poisoning <br>TE...says the guy who just disabled loop prevention on a bunch of routers. <br>:)<br><br>On Thu, 13 Jun 2019, Jared Mauch wrote:<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> You also may not know who allows their own ASN inbound as well. It certainly is a mixed bag. <br> I do consider poisoning at best horrible hygiene and at worst evidence of malicious intent. <br> <br> Good filtering isn’t just prefix or AS path based it’s both. <br> <br> Best filtering is pinning the prefix to a specific ASN. <br> <br> Sent from my iCar<br> <br> On Jun 13, 2019, at 11:24 AM, Job Snijders <job@instituut.net> wrote:<br><br> On Thu, Jun 13, 2019 at 11:18 Warren Kumari <warren@kumari.net> wrote:<br> On Thu, Jun 13, 2019 at 9:59 AM Joe Abley <jabley@hopcount.ca> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"><br> Hey Joe,<br><br> On 12 Jun 2019, at 12:37, Joe Provo <nanog-post@rsuc.gweep.net> wrote:<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;">On Wed, Jun 12, 2019 at 04:10:00PM +0000, David Guo via NANOG wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;">Send abuse complaint to the upstreams<br></blockquote><br> ...and then name & shame publicly. AS-path forgery "for TE" was<br> never a good idea. Sharing the affected prefix[es]/path[s] would<br> be good.<br></blockquote><br> I realise lots of people dislike AS_PATH stuffing with other peoples' AS numbers and treat it as a form of hijacking.<br><br></blockquote><br> Actually, I've been meaning to start a thread on this for a while.<br><br> I have an anycast prefix - at one location I'm a customer of a<br> customer of ISP_X & ISP_Y & ISP_Z. Because ISP_X prefers customer<br> routes, any time a packet touches ISP_X, it goes to this location,<br> even though it is (severely) suboptimal -- things would be better if<br> ISP_X didn't accept this route in this location.<br><br> Now, the obvious answer of "well, just ask your provider in this<br> location to not announce it to ISP_X. That's what communities / the<br> telephone were invented for!" doesn't work for various (entirely<br> non-technical) reasons...<br><br> Other than doing path-poisoning can anyone think of a way to<br> accomplish what I want? (modulo the "just become a direct customer<br> instead of being a customer of a customer" or "disable that site", or<br> "convince the AS upstream of you to deploy communities / filters").<br> While icky, sometimes stuffing other people's AS in the path seems to<br> be the only solution...<br> <br> <br> <br> Given the prevalence of peerlock-style filters at the transit-free club, poisoning the path may result in a large outage for your prefix rather than<br> a clever optimization. Poisoning paths is bad for all parties involved.<br> <br> Kind regards,<br> <br> Job<br> <br> <br><br></blockquote><hr> Jon Lewis, MCP :) | I route<br> | therefore you are<br>_________ <a href="http://www.lewis.org/~jlewis/pgp">http://www.lewis.org/~jlewis/pgp</a> for PGP public key_________<br><br></pre></blockquote></div><br>-- <br>Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>