<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 1/Aug/20 20:14, Hank Nussbacher
wrote:<br>
<br>
</div>
<blockquote type="cite"
cite="mid:e2bb60bb-6175-c3c3-2c03-2bc73885fe34@interall.co.il">
<p>AS level filtering is easy. IP prefix level filtering is
hard. Especially when you are in the top 200:</p>
<p><a class="moz-txt-link-freetext"
href="https://asrank.caida.org/" moz-do-not-send="true">https://asrank.caida.org/</a></p>
</blockquote>
<br>
Doesn't immediately make sense to me why prefix filtering is hard.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:e2bb60bb-6175-c3c3-2c03-2bc73885fe34@interall.co.il">
<p><br>
</p>
<p>That being said, and due to these BGP "polluters" constantly
doing the same thing, wouldn't an easy fix be to use the
max-prefix/prefix-limit option:</p>
<p><a class="moz-txt-link-freetext"
href="https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/25160-bgp-maximum-prefix.html"
moz-do-not-send="true">https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/25160-bgp-maximum-prefix.html</a></p>
<p><a class="moz-txt-link-freetext"
href="https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/prefix-limit-edit-protocols-bgp.html"
moz-do-not-send="true">https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/prefix-limit-edit-protocols-bgp.html</a></p>
<p><br>
</p>
<p>For every BGP peer, the ISP determines what the current
max-prefix currently is. Then add in 2% and set the
max-prefix. </p>
<p>An errant BGP polluter would then only have limited damage to
the Internet routing table.</p>
<p>Not the greatest solution, but easy to implement via a one line
change on every BGP peer.</p>
</blockquote>
<br>
It's about combining multiple solutions to ensure several
catch-points. AS_PATH filtering, prefix filtering and max-prefix.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:e2bb60bb-6175-c3c3-2c03-2bc73885fe34@interall.co.il">
<p><br>
</p>
<p>Smaller ISPs can easily do it on their 10 BGP peers so as to
limit damage as to what they will hear from their neighbors.<br>
</p>
</blockquote>
<br>
All ISPs should do this. All ISPs can.<br>
<br>
Mark.<br>
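<p>Added example, not part of the original message: a small Python model of the three catch-points named in the thread (AS_PATH filtering, prefix filtering, max-prefix set to the current count plus 2%), run over constructed announcements. The class, function names, AS numbers and prefixes are hypothetical, and the prefix filter is simplified to accept any more-specific of a registered block.</p>
<pre>
```python
import ipaddress

HEADROOM_PCT = 2  # the 2% margin suggested in the thread


def max_prefix_limit(current_count, pct=HEADROOM_PCT):
    """Prefixes currently received from the peer plus pct percent, rounded up."""
    return (current_count * (100 + pct) + 99) // 100


class PeerSession:
    """Inbound policy for one BGP peer (hypothetical model, not a router API)."""

    def __init__(self, peer_as, origins, prefixes, current_count):
        self.peer_as = peer_as
        self.origins = set(origins)
        self.prefixes = [ipaddress.ip_network(p) for p in prefixes]
        self.limit = max_prefix_limit(current_count)
        self.accepted = set()
        self.up = True

    def receive(self, prefix, as_path):
        """Return 'accepted' or the name of the catch-point that stopped the route."""
        if not self.up:
            return "session-down"
        net = ipaddress.ip_network(prefix)
        # Catch-point 1: AS_PATH filter (first hop is the peer, origin is expected).
        if as_path[0] != self.peer_as or as_path[-1] not in self.origins:
            return "as-path-filter"
        # Catch-point 2: prefix filter (a registered block or a more-specific of it).
        if not any(net.version == p.version and net.subnet_of(p) for p in self.prefixes):
            return "prefix-filter"
        # Catch-point 3: max-prefix, session is torn down once the limit is exceeded.
        self.accepted.add(net)
        if len(self.accepted) > self.limit:
            self.up = False
            self.accepted.clear()
            return "max-prefix-teardown"
        return "accepted"


def demo():
    # Constructed peer: AS 64500 with customer AS 64501, 50 prefixes seen today.
    s = PeerSession(64500, [64501], ["192.0.2.0/24", "198.51.100.0/24"], 50)
    results = [s.receive("192.0.2.0/24", [64500, 64501]),      # legitimate
               s.receive("203.0.113.0/24", [64500, 64511]),    # unexpected origin
               s.receive("203.0.113.0/24", [64500, 64501])]    # unregistered prefix
    # Flood of more-specifics that passes both filters; only max-prefix stops it.
    flood = ipaddress.ip_network("198.51.100.0/24").subnets(new_prefix=32)
    results += [s.receive(str(n), [64500, 64501]) for n in flood]
    return s.limit, results
```
</pre>
<p>Calling demo() returns the computed limit and one verdict per announcement, showing which catch-point stopped each route.</p>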
</body>
</html>